
StilachiRAT analysis: From system reconnaissance to cryptocurrency theft

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

Microsoft Incident Response researchers discovered a novel remote access trojan named StilachiRAT, demonstrating sophisticated evasion, persistence, and data exfiltration techniques. The malware collects extensive system information, targets cryptocurrency wallet extensions, steals browser credentials, establishes command-and-control communication, executes remote commands, achieves persistence through Windows services, monitors RDP sessions, collects clipboard data, and employs anti-forensic measures. StilachiRAT's capabilities include system reconnaissance, digital wallet targeting, credential theft, command execution, and clipboard monitoring. The analysis reveals its potential for cryptocurrency theft and system manipulation.

OPENCTI LABELS:

remote access trojan, credential theft, cryptocurrency theft, command and control, persistence, stilachirat, system reconnaissance, anti-forensics, rdp monitoring
