MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77dec68adc9d69b54bb2121cdb1d0a188e4da2f750958062311f1be8133fa3b0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Arechclient2


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 77dec68adc9d69b54bb2121cdb1d0a188e4da2f750958062311f1be8133fa3b0
SHA3-384 hash: d3ca2e9ecdea702e92a44b104bf5a42f84b09f558b69c0575832591b2a37d7874e240c135425f16b0ac66b8066059ceb
SHA1 hash: 1c94ad568757b800a33a03b776d1c7d8ddd750f5
MD5 hash: 9c99db64db1c57360b6cb2f1b1be06b5
humanhash: leopard-cat-pluto-twelve
File name:SecuriteInfo.com.W64.ABTrojan.PWCT-7500.1285.27012
Download: download sample
Signature Arechclient2
Create hunting rule
File size:31'073'412 bytes
First seen:2025-11-09 15:27:56 UTC
Last seen:2025-11-09 16:20:45 UTC
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 393216:VGRD5QLMDnGWOtsVn9BOXoSopOvtXncVYIb1zCwzC9cqEO3FNy/p1CPwDvt3uFXN:rtsVn9BOXoSsOvtXwYOBCwGBbn
Threatray 66 similar samples on MalwareBazaar
TLSH T10E67D016B2BA01A5D42BC1388997A727DB717811033087DB63E4DAB92F73BD02B7E745
TrID 62.1% (.MSI) Microsoft Windows Installer (454500/1/170)
15.4% (.MSM) Windows Installer Merge Module (113019/2/34)
8.3% (.MST) Windows SDK Setup Transform script (61000/1/5)
6.8% (.STW) STATISTICA Workbook (50000/1/5)
6.0% (.MSP) Windows Installer Patch (44509/10/5)
Magika msi
Reporter SecuriteInfoCom
Tags:Arechclient2 msi

Intelligence

File Origin
# of uploads :
2
# of downloads :
48
Origin country :
FR FR
Vendor Threat Intelligence
Verdict:
Malicious
Score:
90.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6910b31b3afb53888cca1ac0
Tags:
philis trojan hello
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug anti-vm base64 crypto datper expired-cert fingerprint installer overlay packed packed wix
Link:
https://www.filescan.io/uploads/6910b3148938e2fe22193fa6/reports/3db9a40c-cc2e-4de5-bf65-3a66e9901b16/overview
Verdict:
Malicious
Labled as:
Win64/TrojanDownloader.Rugmi
Link:
https://www.hybrid-analysis.com/sample/77dec68adc9d69b54bb2121cdb1d0a188e4da2f750958062311f1be8133fa3b0
Verdict:
Malicious
File Type:
msi
First seen:
2025-11-09T15:25:00Z UTC
Last seen:
2025-11-09T15:37:00Z UTC
Hits:
~10
Detections:
Trojan-PSW.MSIL.Reline.sb Trojan-PSW.MSIL.Reline.c Trojan.Win32.Strab.sb Trojan.Win32.Penguish.sb
Link:
https://opentip.kaspersky.com/77dec68adc9d69b54bb2121cdb1d0a188e4da2f750958062311f1be8133fa3b0/results?tab=lookup
Gathering data
Verdict:
Malicious
Threat:
Family.HIJACKLOADER
Link:
https://tip.neiki.dev/file/77dec68adc9d69b54bb2121cdb1d0a188e4da2f750958062311f1be8133fa3b0
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=o7pmncw4tvu3ks5scionwhikdche3ixxkckyayrrd4n6qez7uoya._file
Verdict:
malicious
Label(s):
sectoprat
Create hunting rule
hijackloader
Create hunting rule
Similar samples:
140ecf21d10354385de279ce0b5104078f251c096583d156f8627c623502a4ca
Arechclient2
2caa70d1b1c96ce8b1b4a8f85e4298f2b3f3fdba8ca3b9fa6d60ca561a1296b0
Arechclient2
4ceec9e93a1021697e5e23ac3e67cf886dadf683e3ddc40f7a2c770115027cbd
Arechclient2
6dd552765a28ec262d26a77e8838acf422b504d59c8c74ccc98c3680b8914134
Arechclient2
a78ffd85baef5049b36b9e694d41509aa3c9308a1ec5294c0ab5ae97eb95b18d
Arechclient2
a8a4d5359e832c8d0c8068f84e94d373ada45e8f3590ba02931000bcf37d3b11
Arechclient2
aee7978dc8889e53d9cbd36ff78c5c26d92e52365591accc0a7ba2afbcc40dbf
Arechclient2
ba699da64d44b039defd4f42340bc7bec888b8dcef135d5735f2af309ce8ce72
Arechclient2
df605aa20e6a2d09ceefd7db62e7ff24c6495007f5dc2a453e66a6dc8090b1d7
Arechclient2
e61a0c457a57eb941199d4461934f73a88db58ee64b74a28373f28c85d757c84
Arechclient2
error
Arechclient2
+ 56 additional samples on MalwareBazaar
Result
Malware family:
sectoprat
Create hunting rule
Score:
  10/10
Tags:
family:hijackloader family:sectoprat discovery persistence privilege_escalation rat spyware stealer trojan
Link:
https://tria.ge/reports/251109-swgklazlhl/
Behaviour
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Embeds OpenSSL
Event Triggered Execution: Installer Packages
Reads user/profile data of web browsers
System Location Discovery: System Language Discovery
Checks installed software on the system
Drops file in Windows directory
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext
Accesses cryptocurrency files/wallets, possible credential harvesting
Enumerates connected drives
SectopRAT
SectopRAT payload
Sectoprat family
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/82bbc26f-5fab-49d8-85c8-f3d82602a9bd
Malware family:
ArechClient2
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/77dec68adc9d/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Arechclient2

Microsoft Software Installer (MSI) msi 77dec68adc9d69b54bb2121cdb1d0a188e4da2f750958062311f1be8133fa3b0

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3701301/
  
Delivery method
Distributed via web download

Comments