Tag: sectoprat

5 Attack Reports | 0 Vulnerabilities

Attack reports

Fake Zoom Ends in BlackSuit Ransomware

A malicious website mimicking Zoom led to the installation of a trojanized installer, initiating a multi-stage attack. The initial payload, d3f@ckloader, downloaded additional components, including SectopRAT. After nine days, the threat actor deployed Brute Ratel and Cobalt Strike beacons for later…
ransomware
cobalt strike
exfiltration
lateral movement
proxy
blacksuit
sectoprat
brute ratel
2025-03-31
d3f@ckloader
qdoor
Published: March 31, 2025
Downloadable IOCs: 0

Lumma Stealer Malware Thrives as Unique Patterns Uncovered in the Infostealer's Domain Clusters

Recent research reveals Lumma Stealer command and control domain clusters share specific technical characteristics, enabling mapping of entire infrastructure clusters. The infostealer's logs are being shared for free on Leaky[.]pro, a new hacking forum, offering billions of stolen credential record…
malvertising
infostealer
lumma stealer
credential theft
youtube
malspam
sectoprat
c2 infrastructure
2025-02-22
domain clusters
Published: February 22, 2025
Downloadable IOCs: 0

The Abuse of ITarian RMM by Dolphin Loader

This report explores how the Dolphin Loader, a malware-as-a-service loader, abuses the legitimate ITarian Remote Monitoring and Management (RMM) software to distribute various malware payloads. The loader leverages the built-in functionality of RMM tools, such as remote command execution and system…
stealthy
python
lummac2
rhadamanthys
rmm
darkgate
redline
autoit
malware-as-a-service
sectoprat
2024-08-19
itarian
evade
dolphin loader
Published: August 19, 2024
Downloadable IOCs: 24

Exploring the D3F@ck Malware-as-a-Service Loader

This report analyzes the D3F@ck Loader, a malware-as-a-service (MaaS) offering orchestrated by an individual going by the alias Sergei Panteleevich. The loader utilizes various evasion techniques, including the use of Extended Validation certificates, Inno Setup installers with custom Pascal script…
malware
loader
obfuscation
stealer
danabot
metastealer
sectoprat
2024-08-19
raccoon stealer
certificates
d3f@ck loader
Published: August 19, 2024
Linked vulnerabilities : CVE-2024-7593 (CVSS 9.8)
Downloadable IOCs: 4

Multiple Malware Dropped Through MSI Package

An analysis reveals the distribution of malware through an MSI package, specifically SectopRat and Redline stealer. The malware employs techniques like executing malicious scripts, disabling security measures, and establishing persistence through scheduled tasks. It communicates with command-and-co…
powershell
stealer
persistence
dropper
redline
c2
2024-08-14
sectoprat
Published: August 14, 2024
Downloadable IOCs: 11
Click here to see more Attack Reports