Irish Information Security Forum

StilachiRAT: A Sophisticated Cyber Threat

Source: Microsoft
Date: March 17, 2025

StilachiRAT is a novel remote access trojan (RAT) discovered in November 2024 by Microsoft Incident Response researchers. This malware demonstrates advanced techniques for evading detection, maintaining persistence, and exfiltrating sensitive data.

Key Features and Capabilities

  • System Reconnaissance: StilachiRAT collects detailed system information, including operating system details, hardware identifiers, and active Remote Desktop Protocol (RDP) sessions. It uses sophisticated methods like WMI Query Language (WQL) for profiling target systems.
  • Credential Theft: The malware extracts and decrypts saved credentials from Google Chrome, targeting usernames and passwords stored in the browser.
  • Cryptocurrency Wallet Targeting: StilachiRAT scans for configuration data from up to 20 cryptocurrency wallet extensions, including popular ones like MetaMask and Coinbase Wallet, aiming to steal digital assets.
  • Command-and-Control (C2) Connectivity: It establishes communication with remote C2 servers, enabling attackers to execute commands, manipulate the registry, and clear logs.
  • Persistence Mechanisms: The malware achieves persistence through the Windows Service Control Manager (SCM) and employs watchdog threads to reinstate itself if removed.

Evasion Techniques

StilachiRAT employs advanced evasion methods, such as obfuscating Windows API calls, delaying connections, and terminating itself if analysis tools are detected. These capabilities make it a significant cybersecurity concern.

Mitigation Strategies


To defend against StilachiRAT, organizations should implement robust security measures, including:

  • Regular software updates to patch vulnerabilities.
  • Enhanced monitoring for suspicious activities.
  • Employee training to recognize phishing attempts and other deceptive tactics.
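As an added illustration of the "enhanced monitoring" point above (example code written for this summary, not code from the Microsoft report or from IISF): a small Python correlation over constructed Windows event records that flags the persistence behaviour described earlier, a service registered through the SCM that reappears shortly after removal (the watchdog pattern) on a host where the Security log is also being cleared. The event IDs used (7045 new service installed, 1102 audit log cleared) are standard Windows IDs that the page itself does not cite, and the hostnames, service names and timestamps are made up.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample event records, not real telemetry. Event IDs are the
# standard Windows ones: 7045 = new service installed (System log),
# 1102 = audit log cleared (Security log). Hosts and service names are made up.
SAMPLE_EVENTS = [
    {"ts": "2025-03-17T09:00:00", "host": "WS01", "id": 7045, "service": "ExampleHelperSvc"},
    {"ts": "2025-03-17T09:02:00", "host": "WS01", "id": 1102},
    # service removed by a responder, then re-registered by the watchdog thread
    {"ts": "2025-03-17T09:10:00", "host": "WS01", "id": 7045, "service": "ExampleHelperSvc"},
    {"ts": "2025-03-17T09:11:00", "host": "WS01", "id": 1102},
    # benign one-off service install on another host, no log clearing
    {"ts": "2025-03-17T10:00:00", "host": "WS02", "id": 7045, "service": "BackupAgentSvc"},
]


def find_persistence_alerts(events, window=timedelta(minutes=30)):
    """Return one alert per (host, service) registered via the SCM more than
    once within `window`, noting whether the Security log was cleared on that
    host around those registrations (first install - window .. last + window)."""
    installs = defaultdict(list)   # (host, service) -> [datetime]
    clears = defaultdict(list)     # host -> [datetime]
    for e in events:
        when = datetime.fromisoformat(e["ts"])
        if e["id"] == 7045:
            installs[(e["host"], e["service"])].append(when)
        elif e["id"] == 1102:
            clears[e["host"]].append(when)

    alerts = []
    for (host, service), times in installs.items():
        times.sort()
        # a re-registration is two installs of the same service within the window
        reinstalls = sum(1 for a, b in zip(times, times[1:]) if b - a <= window)
        if reinstalls == 0:
            continue
        lo, hi = times[0] - window, times[-1] + window
        cleared = any(lo <= c <= hi for c in clears.get(host, []))
        alerts.append({"host": host, "service": service,
                       "installs": len(times), "log_cleared": cleared})
    return alerts


if __name__ == "__main__":
    for alert in find_persistence_alerts(SAMPLE_EVENTS):
        print(alert)
```

On the constructed sample this reports only WS01, where the same service was installed twice within ten minutes and the Security log was cleared in between; the single install on WS02 produces no alert.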

 

StilachiRAT exemplifies the evolving nature of cyber threats, combining multiple malicious functions into a single tool for maximum impact. 

Dig into more detail here: StilachiRAT Microsoft article
