APT-C-48 (CNC), a South Asian government-backed APT group, has been targeting government, military, education, research, healthcare, and media sectors. They use spear-phishing emails with resume-related topics to deliver malicious payloads. The group modifies executable file icons to resemble PDF files and adds spaces to filenames to hide extensions. Upon execution, the malware downloads a decoy document and additional attack components. The sample employs anti-debugging and anti-VM techniques, self-deletion mechanisms, and establishes persistence through scheduled tasks. The attack pattern and tactics are consistent with previous APT-C-48 activities, particularly their focus on the education and research sectors.