Stealth in Layers: Unmasking the Loader used in Targeted Email Campaigns

This analysis details a sophisticated commodity loader used in targeted email campaigns against manufacturing and government organizations in Italy, Finland, and Saudi Arabia. The campaign employs advanced techniques such as steganography and trojanized libraries, delivering remote access trojans (RATs) and infostealers through a four-stage evasion pipeline and a novel UAC bypass.

Edward Kiledjian @ekiledjian