VERY IMPORTANT

A sophisticated malware campaign employs DLL side-loading to deliver a Python bot. The attack begins with a ZIP archive containing a legitimate PDF reader executable and a hidden malicious DLL. When executed, the malicious DLL is loaded instead of the intended Microsoft one, altering the PDF reader's behavior. The malware then unpacks a Python environment, fetches the bot code from a Bitbucket repository, and establishes persistence through registry modifications. The attacker uses various techniques to bypass security controls, including renaming processes and implementing a Byte Order Mark. The campaign demonstrates advanced evasion tactics and leverages trusted applications to deploy its payload.