PULSE NAME
Rilide: An Information Stealing Browser Extension
WHITE arringtont 2025-03-21 Modified: 2025-04-20
38 IOCs
MEDIUM VOLUME
Rilide is an information stealer that masquerades as a browser extension. It is designed to steal personal information, log passwords, and steal credentials for cryptocurrency wallets, according to research published by CyberChef.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Rilide
Indicators of Compromise (38)