
Block StilachiRAT: A Sophisticated Malware RAT Targeting 20 Crypto Wallet Extensions to Steal Cryptocurrency #777

Open
1 task
summercms opened this issue Mar 19, 2025 · 0 comments
Labels
Code Update 🔔 Code Update enhancement 👍 New feature or request In-progress In-progress Priority: Medium Priority: Medium

Comments

@summercms
Contributor

Enhancement idea

  • Block StilachiRAT, a sophisticated malware RAT targeting 20 crypto wallet extensions to steal cryptocurrency.

Description

StilachiRAT is a novel remote access trojan (RAT) discovered by Microsoft Incident Response researchers in November 2024. The malware is designed to evade detection, persist in the target environment, and exfiltrate sensitive data from the infected system.

Key Characteristics of StilachiRAT

  • Sophisticated techniques: StilachiRAT uses various methods to steal information from the target system, including credentials stored in the browser, digital wallet information, and system information.
  • System reconnaissance: Collects comprehensive system information, including OS details and hardware identifiers.
  • Digital wallet targeting: Scans for configuration data of 20 different cryptocurrency wallet extensions for Google Chrome.
  • Credential theft: Extracts and decrypts saved credentials from Google Chrome.
  • Command-and-control (C2) connectivity: Establishes communication with remote C2 servers using TCP ports 53, 443, or 16000.
  • Persistence mechanisms: Achieves persistence through the Windows service control manager (SCM) and uses watchdog threads to ensure self-reinstatement if removed.
  • RDP monitoring: Monitors RDP sessions, capturing active window information and impersonating users.
  • Clipboard and data collection: Continuously monitors clipboard content, actively searching for sensitive data like passwords and cryptocurrency keys.

Screenshots

n/a

Links

https://www.microsoft.com/en-us/security/blog/2025/03/17/stilachirat-analysis-from-system-reconnaissance-to-cryptocurrency-theft/

IOC

I2P websites

n/a

IPFS websites

n/a

Tor2web websites

n/a

TOR websites

n/a

URLs

n/a

Folders

n/a

Sub-Domains

n/a

Domains

95560.cc

Package Names

n/a

IPs

194.195.89.47

ASNs

n/a

Emails

n/a

Wallet addresses

n/a

Mining pool addresses

n/a

@summercms summercms added Code Update 🔔 Code Update enhancement 👍 New feature or request In-progress In-progress Priority: Medium Priority: Medium labels Mar 19, 2025
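A defender-side check built from the two network indicators listed in this issue (the domain 95560.cc and the IP 194.195.89.47) and the C2 ports named in the description (TCP 53, 443, 16000). This is an added example, not code from the block-list project or from Microsoft's write-up; the DNS and firewall log lines are constructed for illustration, and their key=value layout is an assumption about the log format.

```python
"""Scan DNS-resolver and firewall log lines for the StilachiRAT network
indicators given in this issue, flagging both direct matches and subdomains
of the listed domain, and calling out connections to the listed IP on the
C2 ports the write-up names.

Added example; not the block-list project's own code. Log lines are
constructed, and the key=value log layout is an assumption.
"""

import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Indicators taken from the issue body.
IOC_DOMAINS = {"95560.cc"}
IOC_IPS = {ipaddress.ip_address("194.195.89.47")}
# C2 ports named in the description.
C2_PORTS = {53, 443, 16000}

# Constructed sample log lines (not real telemetry).
SAMPLE_LOGS = [
    "2025-03-19T10:01:02Z dns client=10.0.0.5 query=www.example.com type=A",
    "2025-03-19T10:01:05Z dns client=10.0.0.7 query=api.95560.cc type=A",
    "2025-03-19T10:01:06Z fw src=10.0.0.7 dst=194.195.89.47 dport=16000 proto=tcp action=allow",
    "2025-03-19T10:01:09Z fw src=10.0.0.9 dst=93.184.216.34 dport=443 proto=tcp action=allow",
    "2025-03-19T10:01:11Z fw src=10.0.0.7 dst=194.195.89.47 dport=8080 proto=tcp action=allow",
]

# Assumed log layout: whitespace-separated key=value pairs after a timestamp.
KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Hit:
    line: str
    reason: str


def domain_matches(name: str) -> bool:
    """True if name equals a listed domain or is a subdomain of one.

    Matching on the label boundary ("." + domain) avoids false positives
    such as not95560.cc while still catching api.95560.cc.
    """
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in IOC_DOMAINS)


def scan_line(line: str) -> Optional[Hit]:
    """Return a Hit if the line touches a listed domain or IP, else None."""
    fields = dict(KV_RE.findall(line))
    if "query" in fields and domain_matches(fields["query"]):
        return Hit(line, f"DNS query for listed domain {fields['query']}")
    if "dst" in fields:
        try:
            dst = ipaddress.ip_address(fields["dst"])
        except ValueError:
            return None  # hostname or malformed field; not an IP indicator
        if dst in IOC_IPS:
            port = int(fields.get("dport", 0))
            if port in C2_PORTS:
                return Hit(line, f"connection to listed IP {dst} on C2 port {port}")
            # Still worth flagging: the IP is listed even if the port is not.
            return Hit(line, f"connection to listed IP {dst} on port {port}")
    return None


def scan(lines: Iterable[str]) -> List[Hit]:
    """Scan every line and collect the hits in input order."""
    return [hit for hit in (scan_line(line) for line in lines) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(f"{hit.reason}\n    {hit.line}")
```

Run against the constructed sample, the scan flags three of the five lines: the subdomain lookup, the connection to the listed IP on port 16000, and the connection to the same IP on a port not in the C2 list (reported separately, since the IP alone is an indicator). Feeding real resolver or firewall exports in the same key=value shape is the only change needed to use it on actual logs.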