Microsoft: New RAT malware used for crypto theft, reconnaissance

Summary: Microsoft has detected a new remote access trojan (RAT) named StilachiRAT that utilizes advanced techniques for avoiding detection and extracting sensitive information. Although its distribution is currently limited, Microsoft has released indicators of compromise and mitigation strategies to aid network defenders in identifying the threat. StilachiRAT features capabilities such as credential theft, monitoring active sessions, and evading detection to maintain persistence on infected systems.

Affected: Microsoft Systems and Users

Key points:

  • StilachiRAT employs various sophisticated methods to exfiltrate sensitive user data, including credentials and cryptocurrency wallet information.
  • It maintains persistence on systems by leveraging the Windows service control manager and employs watchdog threads to monitor its binaries.
  • The malware includes anti-forensics measures that clear event logs and dynamically obfuscate its API calls to evade detection attempts.

Source: https://www.bleepingcomputer.com/news/security/microsoft-new-rat-malware-used-for-crypto-theft-reconnaissance/