SYMBOLCOMMON_NAMEaka. SYNONYMS
win.sectop_rat (Back to overview)

SectopRAT

aka: 1xxbot, ArechClient

SectopRAT, aka ArechClient2, is a .NET RAT with numerous capabilities including multiple stealth functions. Arechclient2 can profile victim systems, steal information such as browser and crypto-wallet data, and launch a hidden secondary desktop to control browser sessions. Additionally, it has several anti-VM and anti-emulator capabilities.

References
2023-11-14Medium joshuapenny88Joshua Penny
HostingHunter Series: CHANG WAY TECHNOLOGIES CO. LIMITED
Hook Hydra Cobalt Strike SectopRAT
2023-10-27ElasticJoe Desimone, Salim Bitam
GHOSTPULSE haunts victims using defense evasion bag o' tricks
HijackLoader Lumma Stealer NetSupportManager RAT Rhadamanthys SectopRAT Vidar
2023-08-31Rapid7 LabsEvan McCann, Natalie Zargarov, Thomas Elkins, Tyler McGraw
Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers
FAKEUPDATES Amadey HijackLoader Lumma Stealer SectopRAT
2023-02-05dr4k0niadr4k0nia
Analysing A Sample Of Arechclient2
SectopRAT
2023-01-18Twitter (@Gi7w0rm)Gi7w0rm
A long way to SectopRat
SectopRAT
2022-11-30CyberFloridaCyberFlorida
Malware with Sandbox Evasion Techniques Observed Stealing Browser Cached Credentials
SectopRAT
2022-11-30TampaBayTechtampabaytech2
Arechclient2
SectopRAT
2022-11-01BlackPointBlackPoint
Ratting Out Arechclient2
SectopRAT
2022-04-15Center for Internet SecurityCIS
Top 10 Malware March 2022
Mirai Shlayer Agent Tesla Ghost RAT Nanocore RAT SectopRAT solarmarker Zeus
2021-02-17G DataKarsten Hahn
SectopRAT: New version adds encrypted communication
SectopRAT
2021-01-23vxhive blog0xastrovax
Deep Dive Into SectopRat
SectopRAT
2019-11-21G DataG Data
New SectopRAT: Remote access malware utilizes second desktop to control browsers
SectopRAT

There is no Yara-Signature yet.