CastleLoader Analysis: A Deep Dive into Stealthy Loader Targeting Government Sector
ID: 63e46ceb-1c3d-56a7-b351-67ccad364765
STIX ID: report--63e46ceb-1c3d-56a7-b351-67ccad364765
Feed Name: ANY.RUN's Cybersecurity Blog
### Executive summary

ANY.RUN's analysis details CastleLoader, a multi-stage stealthy loader used in campaigns against government and critical-infrastructure targets. It leverages an Inno Setup installer and an obfuscated AutoIt script to perform process hollowing (via jsc.exe) and deploy memory-only payloads (info-stealers and RATs). The report provides static and dynamic analysis, extracted configuration and IOCs (file hashes, C2 http://94.159.113.32/service, mutex, user-agent), YARA detection rules, and MITRE ATT&CK mappings to support detection and response.
