APT / THREAT GROUP
SectopRAT
4
aliases
Last seen:Mar 17, 2026
Intelligence Profile
SectopRAT, aka ArechClient2, is a .NET RAT with numerous capabilities including multiple stealth functions. Arechclient2 can profile victim systems, steal information such as browser and crypto-wallet data, and launch a hidden secondary desktop to control browser sessions. Additionally, it has several anti-VM and anti-emulator capabilities.
Threat Analysis
SectopRAT is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning SectopRAT
Smart Contracts for C&C: How ClearFake Hid in Plain Sight on BSC Testnet
Trend Micro Research· May 25, 2026
GrayCharlie Hijacks Law Firm Sites in Suspected Supply-Chain Attack
Recorded Future Blog· Feb 17, 2026
External References
Quick Facts
TypeAPT / Threat Group
Aliases4
Also Known As
win.sectop_ratSectopRAT1xxbotArechClient
External Intelligence
Malpedia: win.sectop_ratResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.