Sectoprat is a new .NET Remote Access Trojan (RAT) discovered on November 15th by the MalwareHunterTeam. While fairly lightweight at 243KB, this RAT is particularly nasty in its browser hijacking capabilities and persistence mechanisms. Although obviously still under development, this malware can either stream the current desktop to give a live view of the infected victim’s screen, or create a new desktop that is invisible to the infected victim. The threat actor can then launch a web browser that they can view and modify at their whim, but which is invisible to the legitimate user of the infected computer.

For persistence, the malware saves itself to %LOCALAPPDATA%/Microsoft/spoolsvc.exe and then installs a run key so that it runs at startup, using this registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SFddg
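A host sweep for the two persistence artifacts named above, added here as an example and not taken from the original write-up. It assumes SFddg is the value name under the Run key and that %LOCALAPPDATA% is at its default location in each profile; it checks every loaded user hive and every non-system profile, not just the current user.

```powershell
# Added detection sketch; indicators come from the write-up above.
$ValueName = 'SFddg'                                 # assumed to be the Run value name
$DropPath  = 'AppData\Local\Microsoft\spoolsvc.exe'  # default %LOCALAPPDATA% layout assumed
$Meta      = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

# 1. Run-key entries in every loaded user hive, not only the current user's.
$regHits = Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object {
        $sid = $_.PSChildName
        $key = "Registry::HKEY_USERS\$sid\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
        $run = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($run) {
            # Flag the named value, or any autorun whose command references the binary.
            $run.PSObject.Properties |
                Where-Object { $_.Name -notin $Meta } |
                Where-Object { $_.Name -eq $ValueName -or "$($_.Value)" -match 'spoolsvc\.exe' } |
                ForEach-Object {
                    [pscustomobject]@{ Type = 'RunKey'; User = $sid; Name = $_.Name; Detail = $_.Value }
                }
        }
    }

# 2. The dropped binary in each non-system profile, with a SHA-256 for triage.
$fileHits = Get-CimInstance -ClassName Win32_UserProfile |
    Where-Object { -not $_.Special } |
    ForEach-Object {
        $path = Join-Path $_.LocalPath $DropPath
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            [pscustomobject]@{ Type = 'File'; User = $_.SID; Name = $path; Detail = $hash }
        }
    }

@($regHits) + @($fileHits) | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so other users' profiles are readable; hives of users who are not logged on are not loaded under HKEY_USERS and are covered only by the file check.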