
Researchers Discover New ‘StilachiRAT’ Malware

Vlad CONSTANTINESCU

March 18, 2025


Security researchers identified a new remote access trojan (RAT) used in digital recon, crypto theft, and data exfiltration campaigns.

Novel remote access trojan spotted in the wild

Microsoft cybersecurity researchers disclosed details of a novel RAT malware with a wide range of malicious abilities.

The malware, dubbed “StilachiRAT,” has been spotted in the wild a few times, but researchers have yet to associate it with a threat group.

Although threat actors haven’t disseminated the RAT on a large scale, researchers decided to disclose details about it, including mitigation steps and indicators of compromise.

Numerous malicious abilities identified

Like many other remote access trojans, StilachiRAT has an extensive arsenal of malicious capabilities, including system reconnaissance, crypto wallet and credential theft, command and control (C2) connectivity, persistence modules, command execution, RDP monitoring, clipboard and data collection, as well as anti-forensics and evasion features.

“Analysis of the StilachiRAT’s WWStartupCtrl64.dll module that contains the RAT capabilities revealed the use of various methods to steal information from the target system, such as credentials stored in the browser, digital wallet information, data stored in the clipboard, as well as system information,” reads Microsoft’s security advisory.

Persistence mechanisms

Security experts noted that the RAT includes mechanisms that let threat actors maintain persistence on compromised machines.

StilachiRAT can be launched either as a standalone component or a Windows service. Regardless of its form, the malware uses a watchdog thread that regularly checks if the RAT’s executable or dynamic link library (DLL) files are present on the system.

If the components are not found, the malware recreates them using an internal copy generated during the initialization phase. The malware can also replicate the Windows service component by altering registry settings and launching it through Windows’ Service Control Manager (SCM).
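For defenders, the watchdog behavior described above leaves a recognizable trail: a binary that reappears at the same path shortly after being removed, followed by a service registry value pointing at it. The sketch below is an added example, not code from the article or from Microsoft's advisory; it assumes Sysmon events (IDs 11, 13, 23, 26) have already been parsed into dictionaries, and the field names, paths, process names and service name are hypothetical.

```python
from datetime import datetime, timedelta

# Sysmon event IDs: 11 FileCreate, 23 FileDelete, 26 FileDeleteDetected,
# 13 RegistryEvent (value set).
FILE_CREATE, FILE_DELETES, REG_SET = 11, {23, 26}, 13
BINARY_EXT = (".exe", ".dll")

def find_watchdog_persistence(events, window=timedelta(minutes=5)):
    """Flag binaries recreated at the same path soon after deletion, and
    service registry values that are then pointed at such a binary."""
    last_delete = {}   # lower-cased path -> time of the latest deletion
    recreated = {}     # lower-cased path -> (path, recreating image, gap)
    service_keys = []  # values under ...\Services\ naming a recreated path
    for ev in sorted(events, key=lambda e: e["time"]):
        path = ev.get("path", "").lower()
        if ev["id"] in FILE_DELETES and path.endswith(BINARY_EXT):
            last_delete[path] = ev["time"]
        elif ev["id"] == FILE_CREATE and path in last_delete:
            gap = ev["time"] - last_delete.pop(path)
            if gap <= window:
                recreated[path] = (ev["path"], ev["image"], gap)
        elif ev["id"] == REG_SET and "\\services\\" in ev["target"].lower():
            if any(p in ev["details"].lower() for p in recreated):
                service_keys.append(ev["target"])
    return list(recreated.values()), service_keys

# Constructed sample events (paths, process and service names are made up,
# apart from the module name WWStartupCtrl64.dll quoted in the article).
T0 = datetime(2025, 3, 18, 10, 0, 0)
DLL = r"C:\ProgramData\demo\WWStartupCtrl64.dll"
SVC_VALUE = r"HKLM\System\CurrentControlSet\Services\DemoSvc\Parameters\ServiceDll"
SAMPLE_EVENTS = [
    {"time": T0, "id": 23, "path": DLL, "image": r"C:\Tools\cleanup.exe"},
    {"time": T0 + timedelta(seconds=40), "id": 11, "path": DLL,
     "image": r"C:\ProgramData\demo\host.exe"},
    {"time": T0 + timedelta(seconds=45), "id": 13,
     "target": SVC_VALUE, "details": DLL},
    # Benign: an updater replaces a DLL two hours after removing it.
    {"time": T0, "id": 23, "path": r"C:\Program Files\App\core.dll",
     "image": r"C:\Program Files\App\update.exe"},
    {"time": T0 + timedelta(hours=2), "id": 11,
     "path": r"C:\Program Files\App\core.dll",
     "image": r"C:\Program Files\App\update.exe"},
]

if __name__ == "__main__":
    hits, keys = find_watchdog_persistence(SAMPLE_EVENTS)
    for path, image, gap in hits:
        print(f"recreated {path} by {image} after {gap.total_seconds():.0f}s")
    for key in keys:
        print(f"service value points at recreated binary: {key}")
```

The five-minute window is an assumption to tune per environment; legitimate updaters also delete and rewrite binaries, so the recreating process image is worth reviewing before escalating a hit.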

RATs can wreak havoc on unsecured machines

Malware like StilachiRAT can spell disaster for systems lacking appropriate security measures.

Dedicated software like Bitdefender Ultimate Security can keep your devices clean of RATs, viruses, worms, zero-day exploits, ransomware, spyware, rootkits and other digital threats.

It features continuous, comprehensive detection and protection, network threat prevention, behavioral detection for active apps, cryptomining protection, multi-layer ransomware protection, web attack prevention, and AI-powered scam detection.
