SectopRAT (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

win.sectop_rat (Back to overview)

SectopRAT

aka: 1xxbot, ArechClient

SectopRAT, aka ArechClient2, is a .NET RAT with numerous capabilities including multiple stealth functions. Arechclient2 can profile victim systems, steal information such as browser and crypto-wallet data, and launch a hidden secondary desktop to control browser sessions. Additionally, it has several anti-VM and anti-emulator capabilities.

References

2025-03-13 ⋅ Medium walmartglobaltech ⋅ Jason Reaves
ArechClient; Decoding IOCs and finding the onboard browser extension
SectopRAT

2024-07-02 ⋅ Sekoia ⋅ Quentin Bourgue
Exposing FakeBat loader: distribution methods and adversary infrastructure
BlackCat Royal Ransom EugenLoader Carbanak Cobalt Strike DICELOADER Gozi IcedID Lumma Stealer NetSupportManager RAT Pikabot RedLine Stealer SectopRAT Sliver SmokeLoader Vidar

2023-12-30 ⋅ Rewterz Information Security ⋅ Rewterz Information Security
Rewterz Threat Alert – Widely Abused MSIX App Installer Disabled by Microsoft – Active IOCs
EugenLoader POWERTRASH BATLOADER DarkGate FlawedGrace NetSupportManager RAT SectopRAT Storm-0506

2023-11-14 ⋅ Medium joshuapenny88 ⋅ Joshua Penny
HostingHunter Series: CHANG WAY TECHNOLOGIES CO. LIMITED
Hook Hydra Cobalt Strike SectopRAT

2023-10-27 ⋅ Elastic ⋅ Joe Desimone, Salim Bitam
GHOSTPULSE haunts victims using defense evasion bag o' tricks
HijackLoader Lumma Stealer NetSupportManager RAT Rhadamanthys SectopRAT Vidar

2023-08-31 ⋅ Rapid7 Labs ⋅ Evan McCann, Natalie Zargarov, Thomas Elkins, Tyler McGraw
Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers
FAKEUPDATES Amadey HijackLoader Lumma Stealer SectopRAT

2023-03-01 ⋅ Medium SarvivaMalwareAnalyst ⋅ sarviya
SecTopRAT: A Dangerous Remote Access Trojan Spreading Through Google Fake Ads
SectopRAT

2023-02-05 ⋅ dr4k0nia ⋅ dr4k0nia
Analysing A Sample Of Arechclient2
SectopRAT

2023-01-18 ⋅ Twitter (@Gi7w0rm) ⋅ Gi7w0rm
A long way to SectopRat
SectopRAT

2022-11-30 ⋅ CyberFlorida ⋅ CyberFlorida
Malware with Sandbox Evasion Techniques Observed Stealing Browser Cached Credentials
SectopRAT

2022-11-30 ⋅ TampaBayTech ⋅ tampabaytech2
Arechclient2
SectopRAT

2022-11-01 ⋅ BlackPoint ⋅ BlackPoint
Ratting Out Arechclient2
SectopRAT

2022-04-15 ⋅ Center for Internet Security ⋅ CIS
Top 10 Malware March 2022
Mirai Shlayer Agent Tesla Ghost RAT Nanocore RAT SectopRAT solarmarker Zeus

2021-02-17 ⋅ G Data ⋅ Karsten Hahn
SectopRAT: New version adds encrypted communication
SectopRAT

2021-01-23 ⋅ vxhive blog ⋅ 0xastrovax
Deep Dive Into SectopRat
SectopRAT

2019-11-21 ⋅ G Data ⋅ G Data
New SectopRAT: Remote access malware utilizes second desktop to control browsers
SectopRAT

There is no Yara-Signature yet.

SectopRAT Propose Change

References

SectopRAT