Stealthy .NET Malware: Hiding Malicious Payloads as Bitmap Resources
Summary
A malware campaign uses steganography to conceal malicious payloads within bitmap resources of otherwise benign 32-bit .NET applications, allowing it to bypass traditional security mechanisms and evade detection.
The initial malware sample uses a legitimate .exe file for an application named Windows Forms OCR before deploying a multi-stage chain of extracting, deobfuscating, loading and executing secondary payloads (dynamic-link libraries), eventually detonating the final payload (executable).
The final payload in this campaign is the RemIntel Keylogger, used to steal sensitive information such as usernames and passwords.
The use of steganography to conceal malicious payloads demonstrates the continued evolution of malware techniques and the need for proactive and adaptive security measures to defend against such threats.
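One defender-side check for the bitmap-resource concealment described above is to measure the entropy of a bitmap's pixel area: a genuine image has structure, while pixel data that is really an encrypted or packed payload looks near-random. The example below is added here and is not code from the campaign write-up; it assumes the bitmap has already been pulled out of the .NET resource section (for instance with a resource extractor) and works on the raw BMP bytes. The two sample bitmaps are constructed in the script.

```python
import math
import os
import struct

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def bmp_pixel_data(blob: bytes) -> bytes:
    """Return the pixel array of a BMP, using the pixel-data offset at byte 10 of the 14-byte file header."""
    if len(blob) < 14 or blob[:2] != b"BM":
        raise ValueError("not a BMP file")
    offset = struct.unpack_from("<I", blob, 10)[0]
    if offset > len(blob):
        raise ValueError("pixel-data offset points beyond end of file")
    return blob[offset:]

def suspicious_bitmap(blob: bytes, threshold: float = 7.0) -> bool:
    """Flag a bitmap whose pixel area is near-random; real images rarely approach 8 bits/byte."""
    return shannon_entropy(bmp_pixel_data(blob)) >= threshold

def make_bmp(pixels: bytes, width: int, height: int) -> bytes:
    """Wrap raw 24-bit pixel bytes in a minimal BMP (constructed test input; rows assumed 4-byte aligned)."""
    file_header = b"BM" + struct.pack("<IHHI", 54 + len(pixels), 0, 0, 54)
    dib_header = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                             len(pixels), 2835, 2835, 0, 0)
    return file_header + dib_header + pixels

# Constructed samples: a benign horizontal gradient, and a bitmap whose pixel area is random bytes
# (standing in for an encrypted payload stored as image data).
WIDTH, HEIGHT = 64, 64  # 64 px * 3 bytes = 192 bytes per row, already 4-byte aligned
GRADIENT = bytes(x * 4 for _ in range(HEIGHT) for x in range(WIDTH) for _ in range(3))
BENIGN_BMP = make_bmp(GRADIENT, WIDTH, HEIGHT)
RANDOM_BMP = make_bmp(os.urandom(WIDTH * HEIGHT * 3), WIDTH, HEIGHT)

if __name__ == "__main__":
    for name, blob in (("benign gradient", BENIGN_BMP), ("random pixels", RANDOM_BMP)):
        print(f"{name}: entropy={shannon_entropy(bmp_pixel_data(blob)):.2f} "
              f"suspicious={suspicious_bitmap(blob)}")
```

The check only catches payloads stored wholesale in the pixel area; data hidden in low-order bits of an otherwise normal image keeps the entropy close to the cover image's and needs a different heuristic, so treat a high-entropy bitmap resource as a triage signal rather than a verdict.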