General
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Trojan
-
Sample
250319-v6r57atjy7
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Trojan
Resource
win11-20250313-en
Malware Config
Extracted
modiloader
https://drive.google.com/u/0/uc?id=1TcSctGVBajYMA7CFDc158wpvqkpxmkhJ&export=download
Extracted
crimsonrat
185.136.161.124
Targets
-
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Trojan
-
CrimsonRAT main payload
-
Crimsonrat family
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
Revengerat family
-
RevengeRat Executable
-
Disables Task Manager via registry modification
-
Drops startup file
-
Executes dropped EXE
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
Sets desktop wallpaper using registry
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
3Credentials In Files
3