Lumma Stealer infection with Sectop RAT (ArechClient2), (Fri, Apr 17th)
ID: c3cb7ead-f283-566c-944f-74c743fa56a2
STIX ID: report--c3cb7ead-f283-566c-944f-74c743fa56a2
Feed Name: SANS ISC Diary
This diary documents a Lumma Stealer infection obtained from a cracked-software site using a password-protected archive and an inflated, null-padded EXE, followed by deployment of Sectop RAT. The report includes the sample SHA256, file details, C2 domains discovered via sandboxing, and Sectop RAT C2 IPs/endpoints, illustrating a common cyber-crime distribution technique and providing actionable IOCs for detection and response.
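The inflated, null-padded EXE mentioned above is a triage problem in its own right: the executable is bloated with trailing zero bytes, so its on-disk size and its SHA256 differ from those of the actual payload. The following script is an added example, not code from the ISC diary or any tool it describes. It reads a file backwards to measure the run of trailing 0x00 bytes, flags the file as inflated when that run crosses a threshold, and computes a second SHA256 over the file with the padding removed so the underlying payload can be correlated across differently padded copies. The thresholds (1 MiB minimum run, 50% of the file) and the sample file it builds are assumptions chosen for illustration, not values from the report.

```python
import hashlib
import os
import tempfile

# Added example, not code from the ISC diary. Thresholds below are assumptions
# chosen for illustration, not values taken from the report.
CHUNK_SIZE = 1 << 20     # read the tail 1 MiB at a time
MIN_PADDING = 1 << 20    # ignore runs under 1 MiB: legitimate PEs often carry small zero overlays
PADDING_RATIO = 0.50     # flag when the trailing null run is at least half of the file


def trailing_null_bytes(path: str) -> int:
    """Return the length of the run of 0x00 bytes at the end of the file.

    Reads backwards in chunks so a multi-hundred-megabyte inflated sample
    never has to be loaded into memory in full.
    """
    pos = os.path.getsize(path)
    run = 0
    with open(path, "rb") as fh:
        while pos > 0:
            step = min(CHUNK_SIZE, pos)
            pos -= step
            fh.seek(pos)
            block = fh.read(step)
            stripped = block.rstrip(b"\x00")
            run += len(block) - len(stripped)
            if stripped:        # hit a non-null byte, so the run ends inside this chunk
                break
    return run


def sha256_prefix(path: str, length: int) -> str:
    """SHA256 over the first `length` bytes of the file (the sample minus its padding)."""
    digest = hashlib.sha256()
    remaining = length
    with open(path, "rb") as fh:
        while remaining > 0:
            block = fh.read(min(CHUNK_SIZE, remaining))
            if not block:
                break
            digest.update(block)
            remaining -= len(block)
    return digest.hexdigest()


def inflation_report(path: str) -> dict:
    """Describe how much of the file is trailing null padding and whether it looks inflated."""
    size = os.path.getsize(path)
    padding = trailing_null_bytes(path)
    payload_len = size - padding
    with open(path, "rb") as fh:
        is_pe = fh.read(2) == b"MZ"   # cheap DOS-header check; not a full PE parse
    ratio = padding / size if size else 0.0
    return {
        "size": size,
        "payload_len": payload_len,
        "trailing_null_bytes": padding,
        "null_ratio": round(ratio, 3),
        "is_pe": is_pe,
        "inflated": is_pe and padding >= MIN_PADDING and ratio >= PADDING_RATIO,
        "sha256_full": sha256_prefix(path, size),        # the hash a feed would list
        "sha256_stripped": sha256_prefix(path, payload_len),  # hash of the de-padded payload
    }


def write_constructed_sample(directory: str, padding_len: int = 3 << 20) -> str:
    """Write a constructed stand-in for an inflated EXE: a fake MZ header, a short
    body with no null bytes, then `padding_len` zero bytes. No real malware involved."""
    body = b"MZ" + bytes(range(1, 256)) * 64 + b"END"
    path = os.path.join(directory, "constructed_inflated.exe")
    with open(path, "wb") as fh:
        fh.write(body)
        fh.write(b"\x00" * padding_len)
    return path


def demo_report(padding_len: int = 3 << 20) -> dict:
    """Build the constructed sample in a temp directory and return its inflation report."""
    with tempfile.TemporaryDirectory() as tmp:
        return inflation_report(write_constructed_sample(tmp, padding_len))


if __name__ == "__main__":
    for key, value in demo_report().items():
        print(f"{key}: {value}")
```

In practice the `sha256_stripped` value is the one worth pivoting on: two downloads of the same cracked-software lure can be padded to different sizes and so carry different feed hashes while sharing an identical payload hash. The `MIN_PADDING` guard matters because small zero overlays are common in benign binaries; tune it to the size distribution seen in your own environment.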
