Security teams faced a Windows campaign that quietly turned native tools against defenders, chaining AI-assisted loaders with archive tricks and fake antivirus scaffolding to slip under the radar and land a remote-access foothold without leaving obvious artifacts on disk. The result showed how quickly modern tradecraft blurs the line between normal administration and intrusion. The runbook started with a Windows PE dropper that decrypted a batch file to stage a believable folder—names like C:\DragonAntivirus—before pulling a cloud-hosted .png that was, in practice, a RAR archive. From there the adversary leaned on tar, WinRAR, and legitimate binaries placed in odd locations to peel open successive layers, while a Python runtime disguised as ntoskrnl.exe unpacked and executed code staged under Lib\image, flashed a distraction PDF, and decoded itself through Base64, BZ2, and zlib stages to end in memory-only .NET execution.
From Masquerade To Remote Access
The infection chain read like a tutorial in living off the land. After the dropper wrote config.bat and built the faux AV directory, it fetched the cloud “image,” then abused Windows’ built-in tar to decompress it—an intentional choice to look routine. The package carried a supposed driver, AsusMouseDriver.sys, itself a password-protected RAR; a JSON file co-opted as a batch loader; and a legitimate WinRAR executable planted without an extension. A secondary loader renamed and invoked WinRAR with a hardcoded password to expand a final-stage folder that mimicked Windows security components. At that point, a file named ntoskrnl.exe proved to be a bundled Python runtime that loaded an obfuscated payload from Lib\image, launched a decoy PDF, and executed with parameters that triggered layered decoding—Base64, then BZ2, then zlib—before marshal-loading a tiny bytecode tail from a 60+ MB filler blob. That bytecode injected into cvtres.exe, side-loaded a .NET module straight into memory, and sustained encrypted TCP C2 designed to frustrate static signatures and simplistic sandboxing.
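Most of the staged files above lie about what they are: a .png that is a RAR, a .sys that is a password-protected RAR, a JSON file that is really a batch script, and a WinRAR binary with no extension at all. The following is an added example (not code from the article or from the researchers it describes) that checks a file's claimed extension against its leading bytes and applies a JSON parse test to .json files. The file names, the expected-content table, and the sample bytes are constructed for the example; the Python runtime named ntoskrnl.exe is a genuine PE and would pass this check, which is why path-based telemetry is needed for that case.

```python
# Added example, not code from the article: flag files whose name claims one
# format while the leading bytes say another. Sample files are constructed.
import json
from typing import Dict, List, Optional

# Magic numbers, checked in order. RAR4 and RAR5 share the "Rar!\x1a\x07" prefix.
SIGNATURES = [
    ("png", b"\x89PNG\r\n\x1a\n"),
    ("rar", b"Rar!\x1a\x07"),
    ("pdf", b"%PDF"),
    ("pe", b"MZ"),
]

# Content each extension is expected to carry (assumed policy for this example).
EXPECTED_BY_EXT = {
    ".png": "png", ".sys": "pe", ".exe": "pe", ".dll": "pe",
    ".pdf": "pdf", ".rar": "rar",
}


def detect_format(data: bytes) -> Optional[str]:
    """Return the format whose signature matches the first bytes, or None."""
    for name, sig in SIGNATURES:
        if data.startswith(sig):
            return name
    return None


def extension(filename: str) -> str:
    """Lower-cased extension including the dot, or "" if the name has none."""
    base = filename.replace("/", "\\").rsplit("\\", 1)[-1]
    dot = base.rfind(".")
    return base[dot:].lower() if dot > 0 else ""


def check_file(filename: str, data: bytes) -> List[str]:
    """Return human-readable findings for one file (empty list if nothing odd)."""
    findings: List[str] = []
    ext = extension(filename)
    actual = detect_format(data)
    expected = EXPECTED_BY_EXT.get(ext)
    if expected and actual and actual != expected:
        findings.append(f"extension claims {expected}, content is {actual}")
    if ext == "" and actual == "pe":
        findings.append("executable dropped without an extension")
    if ext == ".json":
        # A .json that does not parse is worth a look; the loader here was a batch script.
        try:
            json.loads(data.decode("utf-8", "replace"))
        except ValueError:
            findings.append(f"not JSON, starts with {data[:10]!r}")
    return findings


def scan(files: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Run check_file over a name->bytes mapping; keep only files with findings."""
    report: Dict[str, List[str]] = {}
    for name, data in files.items():
        found = check_file(name, data)
        if found:
            report[name] = found
    return report


# Constructed stand-ins for the staged files; real ones are larger and encrypted.
SAMPLE_FILES = {
    r"C:\DragonAntivirus\update.png": b"Rar!\x1a\x07\x01\x00" + b"\x00" * 64,
    r"C:\DragonAntivirus\AsusMouseDriver.sys": b"Rar!\x1a\x07\x00" + b"\x00" * 64,
    r"C:\DragonAntivirus\settings.json": b"@echo off\r\nrem constructed batch body\r\n",
    r"C:\DragonAntivirus\rar": b"MZ\x90\x00" + b"\x00" * 64,
    r"C:\DragonAntivirus\readme.pdf": b"%PDF-1.4\n% constructed decoy\n",
    r"C:\Users\Public\photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
}

if __name__ == "__main__":
    for name, found in scan(SAMPLE_FILES).items():
        print(name)
        for line in found:
            print("   ", line)
```

Run against the constructed set, four of the six files are reported and the genuine PDF and PNG are not. In production the same check belongs at the points where the campaign moved files: download folders, archive extraction output, and any directory created by a script.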
The broader pattern showed how AI lowered the friction for building modular loaders, stacking encoders, and disguising content behind friendly formats and system-like names. Native utilities and legitimate binaries—tar, WinRAR, cvtres.exe—gave the operation the appearance of normal activity, while cloud storage hosting blended its traffic into expected workflows. For defense, behavioral telemetry outpaced signatures: script abuse that created suspicious folders, Python runtimes named after core system files, the odd pairing of tar and WinRAR in userland, and .NET assemblies surfacing inside signed processes such as cvtres.exe all mattered. Decoy PDFs and oversized blobs with small valid tails signaled staged de-obfuscation, and researchers shared hashes including 675D475B5C02CA834E83BE009E09DB7C and 33DD6D8FCFF3CA256F44A371FA3CF819 for context. This campaign underscored that effective next steps included tightening script provenance controls, constraining interpreter spawning, baselining archive workflows, alerting on memory-resident .NET inside signed binaries, and flagging encrypted outbound connections from unlikely processes; taken together, those measures offered the clearest path to early containment.
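The behavioral signals listed above translate directly into telemetry rules. Below is an added example (not code from the article or the researchers it describes) that runs four such rules over a constructed, Sysmon-like event trace: a core-system image name executing outside System32, WinRAR running under a different file name shortly after tar, the CLR loading into a native tool that has no reason to host .NET, and an outbound connection from that same tool. The event fields, the core-name list, the "unlikely .NET host" list, the file names, and the TEST-NET addresses are assumptions for this example.

```python
# Added example, not code from the article: a small rule pass over constructed,
# Sysmon-like endpoint events for the behaviours the text calls out. Field
# names and the name lists below are assumptions for this example.
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Event:
    ts: float             # seconds since the start of the constructed trace
    kind: str             # "process", "imageload" or "netconn"
    image: str            # full path of the process image
    parent: str = ""      # parent image path (process events)
    cmdline: str = ""     # command line (process events)
    orig_name: str = ""   # OriginalFileName from the PE version resource, if the sensor records it
    module: str = ""      # loaded DLL path (imageload events)
    dest: str = ""        # remote endpoint (netconn events)


SYSTEM_DIR = "c:\\windows\\system32\\"
CORE_NAMES = {"ntoskrnl.exe", "csrss.exe", "lsass.exe", "winlogon.exe"}  # assumed list
UNLIKELY_NET_HOSTS = {"cvtres.exe"}                                      # assumed list
CLR_MODULES = {"clr.dll", "coreclr.dll", "mscoree.dll"}


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(events: List[Event], window: float = 300.0) -> List[Tuple[str, str]]:
    """Return (rule_name, detail) pairs in time order; events may arrive unsorted."""
    findings: List[Tuple[str, str]] = []
    tar_times: List[float] = []
    for e in sorted(events, key=lambda ev: ev.ts):
        name = basename(e.image)
        if e.kind == "process":
            # A core-system image name running from anywhere but System32.
            if name in CORE_NAMES and not e.image.lower().startswith(SYSTEM_DIR):
                findings.append(("core_name_outside_system32", e.image))
            if name == "tar.exe":
                tar_times.append(e.ts)
            # WinRAR launched under another file name; stronger when tar ran just before.
            if e.orig_name.lower() == "winrar.exe" and name != "winrar.exe":
                findings.append(("renamed_winrar", f"{e.image} (orig {e.orig_name})"))
                if any(0 <= e.ts - t <= window for t in tar_times):
                    findings.append(("tar_then_winrar",
                                     f"tar at {tar_times[-1]:.0f}s, WinRAR at {e.ts:.0f}s"))
        elif e.kind == "imageload":
            # The CLR appearing inside a native tool that has no reason to host .NET.
            if name in UNLIKELY_NET_HOSTS and basename(e.module) in CLR_MODULES:
                findings.append(("clr_in_unlikely_host", f"{e.image} loaded {e.module}"))
        elif e.kind == "netconn":
            if name in UNLIKELY_NET_HOSTS:
                findings.append(("netconn_from_unlikely_process", f"{e.image} -> {e.dest}"))
    return findings


# Constructed trace; file names under C:\DragonAntivirus and the addresses are made up.
CVTRES = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe"
SAMPLE_EVENTS = [
    Event(1.0, "process", r"C:\Program Files\WinRAR\WinRAR.exe", orig_name="WinRAR.exe"),  # benign
    Event(10.0, "process", r"C:\Windows\System32\tar.exe",
          parent=r"C:\Windows\System32\cmd.exe", cmdline="tar -xf C:\\DragonAntivirus\\update.png"),
    Event(25.0, "process", r"C:\DragonAntivirus\update.tmp",
          parent=r"C:\Windows\System32\cmd.exe", cmdline="update.tmp x AsusMouseDriver.sys",
          orig_name="WinRAR.exe"),
    Event(40.0, "process", r"C:\DragonAntivirus\ntoskrnl.exe", parent=r"C:\DragonAntivirus\update.tmp"),
    Event(46.0, "imageload", CVTRES, module=r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll"),
    Event(50.0, "netconn", CVTRES, dest="203.0.113.10:443"),
    Event(52.0, "netconn", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
          dest="203.0.113.20:443"),  # benign
]

if __name__ == "__main__":
    for rule, detail in evaluate(SAMPLE_EVENTS):
        print(f"{rule:32} {detail}")
```

The renamed-WinRAR rule depends on the sensor recording the PE's OriginalFileName; without that field, a fallback is to hash the image and compare against known WinRAR builds. The benign WinRAR and Chrome events in the trace produce nothing, which is the baseline these rules need to hold in a real environment.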