DodgeBox: A deep dive into the updated arsenal of APT41
released on 2024-07-11 @ 12:05:41 PM
This blog post provides an in-depth technical analysis of a newly discovered malware loader called DodgeBox, which is attributed to the China-based advanced persistent threat (APT) actor APT41. DodgeBox uses several detection-evasion techniques, including call stack spoofing, DLL sideloading, DLL hollowing, and environmental guardrails. The analysis also highlights the similarities between DodgeBox and StealthVector, a loader previously associated with APT41, which leads us to attribute this new malware to the same threat actor with moderate confidence.