win.sectop_rat

SectopRAT

aka: 1xxbot, ArechClient

SectopRAT, aka ArechClient2, is a .NET RAT with numerous capabilities, including multiple stealth functions. ArechClient2 can profile victim systems, steal information such as browser and crypto-wallet data, and launch a hidden secondary desktop to control browser sessions. Additionally, it has several anti-VM and anti-emulator capabilities.

References
2023-10-27 | Elastic | Joe Desimone, Salim Bitam
@online{desimone:20231027:ghostpulse:d3a821a, author = {Joe Desimone and Salim Bitam}, title = {{GHOSTPULSE haunts victims using defense evasion bag o' tricks}}, date = {2023-10-27}, organization = {Elastic}, url = {https://www.elastic.co/security-labs/ghostpulse-haunts-victims-using-defense-evasion-bag-o-tricks}, language = {English}, urldate = {2023-11-22} }
Families: HijackLoader, Lumma Stealer, NetSupportManager RAT, Rhadamanthys, SectopRAT, Vidar
2023-08-31 | Rapid7 Labs | Natalie Zargarov, Thomas Elkins, Evan McCann, Tyler McGraw
@online{zargarov:20230831:fake:4b8ef57, author = {Natalie Zargarov and Thomas Elkins and Evan McCann and Tyler McGraw}, title = {{Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers}}, date = {2023-08-31}, organization = {Rapid7 Labs}, url = {https://www.rapid7.com/blog/post/2023/08/31/fake-update-utilizes-new-idat-loader-to-execute-stealc-and-lumma-infostealers/}, language = {English}, urldate = {2023-11-22} }
Families: FAKEUPDATES, Amadey, HijackLoader, Lumma Stealer, SectopRAT
2023-02-05 | dr4k0nia | dr4k0nia
@online{dr4k0nia:20230205:analysing:a89dbe6, author = {dr4k0nia}, title = {{Analysing A Sample Of Arechclient2}}, date = {2023-02-05}, organization = {dr4k0nia}, url = {https://dr4k0nia.github.io/posts/Analysing-a-sample-of-ArechClient2/}, language = {English}, urldate = {2023-02-06} }
Families: SectopRAT
2023-01-18 | Twitter (@Gi7w0rm) | Gi7w0rm
@online{gi7w0rm:20230118:long:7a6333e, author = {Gi7w0rm}, title = {{A long way to SectopRat}}, date = {2023-01-18}, organization = {Twitter (@Gi7w0rm)}, url = {https://medium.com/@gi7w0rm/a-long-way-to-sectoprat-eb2f0aad6ec8}, language = {English}, urldate = {2023-01-18} }
Families: SectopRAT
2022-11-30 | CyberFlorida | CyberFlorida
@online{cyberflorida:20221130:malware:9da929a, author = {CyberFlorida}, title = {{Malware with Sandbox Evasion Techniques Observed Stealing Browser Cached Credentials}}, date = {2022-11-30}, organization = {CyberFlorida}, url = {https://cyberflorida.org/2022/11/arechclient2/}, language = {English}, urldate = {2023-02-06} }
Families: SectopRAT
2022-11-30 | TampaBayTech | tampabaytech2
@online{tampabaytech2:20221130:arechclient2:b465dfa, author = {tampabaytech2}, title = {{Arechclient2}}, date = {2022-11-30}, organization = {TampaBayTech}, url = {https://tampabay.tech/2022/11/30/arechclient2/}, language = {English}, urldate = {2023-02-06} }
Families: SectopRAT
2022-11-01 | BlackPoint | BlackPoint
@techreport{blackpoint:20221101:ratting:8a43425, author = {BlackPoint}, title = {{Ratting Out Arechclient2}}, date = {2022-11-01}, institution = {BlackPoint}, url = {https://cdn-production.blackpointcyber.com/wp-content/uploads/2022/11/01161208/Blackpoint-Cyber-Ratting-out-Arechclient2-Whitepaper.pdf}, language = {English}, urldate = {2023-02-06} }
Families: SectopRAT
2022-04-15 | Center for Internet Security | CIS
@online{cis:20220415:top:62c8245, author = {CIS}, title = {{Top 10 Malware March 2022}}, date = {2022-04-15}, organization = {Center for Internet Security}, url = {https://www.cisecurity.org/insights/blog/top-10-malware-march-2022}, language = {English}, urldate = {2023-02-17} }
Families: Mirai, Shlayer, Agent Tesla, Ghost RAT, Nanocore RAT, SectopRAT, solarmarker, Zeus
2021-02-17 | G Data | Karsten Hahn
@online{hahn:20210217:sectoprat:f578681, author = {Karsten Hahn}, title = {{SectopRAT: New version adds encrypted communication}}, date = {2021-02-17}, organization = {G Data}, url = {https://www.gdatasoftware.com/blog/2021/02/36633-new-version-adds-encrypted-communication}, language = {English}, urldate = {2023-02-06} }
Families: SectopRAT
2021-01-23 | vxhive blog | 0xastrovax
@online{0xastrovax:20210123:deep:47d960f, author = {0xastrovax}, title = {{Deep Dive Into SectopRat}}, date = {2021-01-23}, organization = {vxhive blog}, url = {https://vxhive.blogspot.com/2021/01/deep-dive-into-sectoprat.html}, language = {English}, urldate = {2021-01-25} }
Families: SectopRAT
2019-11-21 | G Data | G Data
@online{data:20191121:new:cbeb2e4, author = {G Data}, title = {{New SectopRAT: Remote access malware utilizes second desktop to control browsers}}, date = {2019-11-21}, organization = {G Data}, url = {https://www.gdatasoftware.com/blog/2019/11/35548-new-sectoprat-remote-access-malware-utilizes-second-desktop-to-control-browsers}, language = {English}, urldate = {2020-01-10} }
Families: SectopRAT

There is no YARA signature yet.