Inside a Multi-Stage Windows Malware Campaign
Essential information
- Published
- 20/01/2026 17:50
- Modified
- 20/01/2026 19:15
- Tags
- 2026-01-20, amnesia rat, data theft, defendnot, hakuna matata, multi-stage, ransomware, russia, social engineering, windows, winlocker
- Related entities
- 11 observables, 26 techniques (MITRE), 1 other
Description
A sophisticated multi-stage malware campaign targeting Windows users in Russia has been identified. The attack chain begins with social engineering lures and progresses to full system compromise, including security bypass, surveillance, and ransomware delivery. It abuses Defendnot to disable Microsoft Defender and hosts its components in a modular fashion across several cloud services. Techniques observed include PowerShell scripts, obfuscated VBScript, and COM object manipulation. The campaign deploys the Amnesia RAT for data theft and surveillance, the Hakuna Matata ransomware for file encryption, and a WinLocker component for system lockout. It demonstrates that full system compromise can be achieved without exploiting any software vulnerability, relying instead on social engineering and the abuse of legitimate Windows features.