DuneQuixote campaign targets Middle Eastern entities with malware
In this analysis, we uncover a malicious campaign dubbed DuneQuixote that employs droppers disguised as the legitimate Total Commander installer to deliver a backdoor implant called CR4T. This implant, available in both C/C++ and Golang versions, grants attackers access to compromised systems, enabling command execution, file management, and persistence through scheduled tasks. The campaign exhibits advanced evasion techniques, including anti-analysis checks, memory-only payloads, and unique infrastructure designed for stealth. The primary targets appear to be government entities in the Middle East region.