Threat Intelligence Report

Masked in Memory: A Hidden .PYC fragment utilises cvtres.exe to communicate with C&C - K7 Labs

📅 November 25, 2025 📰 labs.k7computing.com 🔍 0 CVE(s) referenced

A highly obfuscated Python-based malware leverages multi-stage encoding, masqueraded file types, and process injection into a trusted Windows binary to stealthily download a .NET RAT component, maintain persistent C2 communication, and evade detection.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle