VERY IMPORTANT

In this post, Morphisec will be covering CinaRAT loader's evasive TTPs (tactics, techniques, and procedures) that have been identified. Morphisec reviews different versions of multi-staged loaders that attempt to inject and execute CinaRAT within the victim's host memory. CinaRAT code is available on GitHub for download; generally it's just a rebranded QuasarRAT. Morphisec also focuses on the evasive components that allowed the attackers to sustain zero detection for such a long period of time on VirusTotal.