SectopRAT2
SectopRAT2 (ArechClient2): PowerShell dropper, C2 on the .su TLD, Base64-encoded config, remote access and credential theft.
Threat Profile
Type: RAT
Programming Language: C#/.NET
C2 Protocol: TCP/HTTPS
First Seen: 2019
Targets
Global
Purpose / Capabilities
- Remote access and credential theft
C2 Servers (1)
| Address | Port | Protocol | Status |
|---|---|---|---|
| gtLane6906.su | 443 | HTTPS | INACTIVE |
⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.
Research Reports (1)
SectopRAT 2/ArechClient2 -- PowerShell 794KB, gtLane6906.Su C2, rMZIRio Base64 Config | High
SectopRAT2 (ArechClient2) PS1 794KB. gtLane6906.Su .su C2. rMZIRioWL base64 config. PowerShell dropper.