THREATOPS
THREAT OPSThreat News › Inside .NET Loader Analysis: From Malspam to In-Memory Loader

Inside .NET Loader Analysis: From Malspam to In-Memory Loader

infohuntressPublished 2026-06-03

A malspam campaign abusing Google's DoubleClick delivers the loader through a five-stage chain that evades detection and blinds Windows telemetry before persisting

Original source: https://www.huntress.com/blog/malspam-to-loader-delivery-chain-analysis