Obfuscated JavaScript or Nothing, (Thu, Apr 9th)
ID: 1b068488-4d27-5e96-8286-4d05f40822df
STIX ID: report--1b068488-4d27-5e96-8286-4d05f40822df
Feed Name: SANS ISC Diary
This analysis describes a phishing-delivered, obfuscated Windows JavaScript file (SHA256: a8ba9b...) that copies itself, establishes persistence through a scheduled task, and drops three PNG files. A PowerShell launcher decodes AES-encrypted blobs from those PNGs to produce a .NET DLL (SHA256: 53c3e0...), which is injected into MSBuild to load a Formbook infostealer; the chain includes AMSI/ETW patching, and the report provides multiple IOCs.
