VERY IMPORTANT

This report provides an analysis of a recent phishing campaign distributing VenomRAT malware using multiple obfuscation techniques including ScrubCrypt batch files. The attackers send emails with SVG attachments to drop ZIP files containing obfuscated batch scripts. ScrubCrypt is used to decrypt and load VenomRAT, which retrieves additional plugins like Remcos and NanoCore from its C2 server. The campaign shows the threat actors' ability to evade detection and persist in victim systems.