APT / THREAT GROUP

StilachiRAT

Last seen: Jun 12, 2026

Intelligence Profile

According to Microsoft Incident Response, StilachiRAT is a sophisticated remote access trojan that uses stealth and persistence techniques to evade detection and enable data exfiltration. It performs extensive system reconnaissance, can target cryptocurrency wallet data, and steals browser credentials while monitoring clipboard contents for sensitive information. It maintains a flexible command-and-control channel over TCP with multiple ports, supports a broad set of commands including system manipulation and reboot, and uses Windows services with watchdogs to ensure persistence. It also monitors RDP sessions and can impersonate users.

Threat Analysis

StilachiRAT is listed as a threat actor of known sophistication and undetermined national origin, engaged in cyber operations; its primary motivation and activity patterns are unknown.

Quick Facts

Type: APT / Threat Group
Aliases: 2

Also Known As

StilachiRAT
win.stilachi_rat

External Intelligence

Malpedia: win.stilachi_rat

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.