StilachiRAT analysis: From system reconnaissance to cryptocurrency theft
Essential information
- Published
- 17/03/2025 22:21
- Modified
- 18/03/2025 09:58
- Tags
- 2025-03-17, anti-forensics, command and control, credential-theft, cryptocurrency theft, persistence, rdp monitoring, remote access trojan, stilachirat, system reconnaissance
- Related entities
- 1 vulnerability (CVE), 2 observables, 1 malware
Description
Microsoft Incident Response researchers discovered a novel remote access trojan named StilachiRAT that demonstrates sophisticated evasion, persistence, and data exfiltration techniques. The malware collects extensive system information, targets cryptocurrency wallet browser extensions, steals browser credentials, establishes command-and-control communication, executes remote commands, achieves persistence through Windows services, monitors RDP sessions, collects clipboard data, and employs anti-forensic measures. Taken together, these capabilities (system reconnaissance, digital wallet targeting, credential theft, command execution, and clipboard monitoring) show its potential for cryptocurrency theft and system manipulation.