StilachiRAT
Intelligence Profile
According to Microsoft Incident Response, StilachiRAT is a sophisticated remote access trojan that uses stealth and persistence techniques to evade detection and enable data exfiltration. It performs extensive system reconnaissance, can target cryptocurrency wallet data, and steals browser credentials while monitoring clipboard contents for sensitive information. It maintains a flexible command-and-control channel over TCP with multiple ports, supports a broad set of commands including system manipulation and reboot, and uses Windows services with watchdogs to ensure persistence. It also monitors RDP sessions and can impersonate users.
Threat Analysis
The sophistication of the actor behind StilachiRAT is established, but its national origin is undetermined, and the actor's primary motivation and activity patterns remain unknown.