CastleLoader Malware Analysis: Full Execution Breakdown
released on 2026-01-15 @ 03:37:01 PM
CastleLoader is a sophisticated malware loader designed to deliver and install malicious components, primarily targeting government entities and critical infrastructure. It employs a multi-stage execution chain involving Inno Setup, AutoIt, and process hollowing to evade detection. The loader delivers information stealers and RATs, enabling credential theft and persistent access. The analysis shows that its stealth relies on memory-only payloads and API resolution via hashing. The malware's configuration, including its C2 infrastructure, was extracted through reverse engineering, providing high-confidence indicators of compromise for detection and analysis.