SectopRAT2

SectopRAT2 (ArechClient2). PowerShell dropper. .su TLD C2. Base64 config. Remote access and credential theft.

Threat Profile
Type: RAT
Programming Language: C#/.NET
C2 Protocol: TCP/HTTPS
First Seen: 2019
Targets: Global
Purpose / Capabilities
  • Remote access and credential theft

C2 Servers (1)

Address         Port   Protocol   Status
gtLane6906.su   443    HTTPS      INACTIVE

⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.

Research Reports (1)

High

SectopRAT 2/ArechClient2 -- PowerShell 794KB, gtLane6906.Su C2, rMZIRio Base64 Config | High

SectopRAT2 (ArechClient2) PS1 794KB. gtLane6906.Su .su C2. rMZIRioWL base64 config. PowerShell dropper.
