Sectoprat is a new .NET Remote Access Trojan (RAT) discovered on November 15th by the MalwareHunterTeam. While fairly lightweight at 243KB, this RAT is particularly nasty in its browser hijacking capabilities and persistence mechanisms. Although obviously still under development, this malware can either stream the current desktop to give a live view of the infected victim’s screen, or it can create a new desktop which is invisible to the infected victim. The threat actor can then initialize a web browser that they can view and modify at their whim, but which is invisible to the legitimate user of the infected computer.

For persistence, the malware saves itself to %LOCALAPPDATA%/Microsoft/spoolsvc.exe and then installs a run key so that it runs at startup, using this registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SFddg
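
The two persistence artifacts described above can be checked on a host with a read-only PowerShell script. This is an added example, not code from the original write-up or from the researchers: the function name Get-SectopratPersistence is hypothetical, and the script assumes %LOCALAPPDATA% resolves to the default AppData\Local folder under each user profile.

```powershell
# Added example (not from the original write-up). Read-only triage for the
# Run value and dropped file named above; run elevated to see all profiles.
$ValueName = 'SFddg'                    # Run value name given in the write-up
$DropRel   = 'Microsoft\spoolsvc.exe'   # path relative to %LOCALAPPDATA%

function Get-SectopratPersistence {     # hypothetical helper name
    $findings = @()

    # HKCU only covers the calling user, so walk every loaded user hive.
    $sids = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        ForEach-Object { $_.PSChildName }

    foreach ($sid in $sids) {
        $runKey = "Registry::HKEY_USERS\$sid\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
        $props  = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
        if ($props -and ($props.PSObject.Properties.Name -contains $ValueName)) {
            $findings += [pscustomobject]@{
                Type = 'RunValue'; Owner = $sid
                Location = "$runKey\$ValueName"; Detail = $props.$ValueName
            }
        }
    }

    # Assumption: %LOCALAPPDATA% is the default <profile>\AppData\Local.
    # ProfileList also covers users whose hives are not currently loaded.
    $profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
    foreach ($key in Get-ChildItem -Path $profileList -ErrorAction SilentlyContinue) {
        $profilePath = (Get-ItemProperty -Path $key.PSPath).ProfileImagePath
        if (-not $profilePath) { continue }
        $candidate = Join-Path $profilePath "AppData\Local\$DropRel"
        if (Test-Path -LiteralPath $candidate -PathType Leaf) {
            $file = Get-Item -LiteralPath $candidate -Force
            $hash = (Get-FileHash -LiteralPath $candidate -Algorithm SHA256).Hash
            $findings += [pscustomobject]@{
                Type = 'DroppedFile'; Owner = $key.PSChildName; Location = $candidate
                Detail = "SHA256=$hash Created=$($file.CreationTimeUtc.ToString('o'))"
            }
        }
    }
    $findings
}

Get-SectopratPersistence | Format-List
```

A hit is a lead to investigate rather than a verdict, and an empty result only means these two artifacts are absent for the profiles the script could read.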