Unpacking what's packed: DotRunPeX analysis
ID: 498eb595-3c86-5b57-97cd-d72d8029ffd6
STIX ID: report--498eb595-3c86-5b57-97cd-d72d8029ffd6
Feed Name: CERT Polska
CERT Polska's analysis of a malspam campaign targeting Polish recipients. The campaign used a stolen corporate e-mail account to deliver a multi-stage, WPF-based .NET dropper that unpacked a payload protected with DotRunPeX and KoiVM virtualization. By debugging the sample dynamically, the analysts extracted the AES keys needed to recover the embedded AgentTesla payload and other stealers. The team also released unpacking tooling, YARA rules and sample hashes to support detection.
