Wineloader - Analysis of the Infection Chain
TLP: WHITE | Adversary: APT29 | Author: AlienVault | Created: 2024-06-06 | Modified: 2024-06-06
15 IOCs (medium volume)
This analysis examines Wineloader, a modular backdoor attributed to APT29 that can download further tools or modules over an encrypted command-and-control channel. The infection chain starts with a phishing email whose lure is an invitation to a wine-tasting event. Executing the obfuscated HTA file downloads the Wineloader payload, which is loaded via DLL sideloading and establishes persistence through scheduled tasks or registry entries. The analysis also documents techniques for deobfuscating the HTA's JavaScript so that intelligence can be extracted from obfuscated payloads.
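The practical use of a pulse like this is to sweep hosts for the listed file hashes. The script below is an added example, not code from the pulse or from the referenced analysis: it hashes every regular file under a directory with MD5, SHA-1 and SHA-256 (the three indicator types the pulse carries) and reports matches against the three MD5 values shown on this page. The SHA-1 and SHA-256 sets are left empty because those values are not on this page; the sample file written in the usage notes is constructed for demonstration.

```python
import hashlib
import os
from pathlib import Path

# The three FileHash-MD5 indicators shown on this page (3 of the pulse's 15 IOCs).
# The pulse also carries FileHash-SHA1 and FileHash-SHA256 indicators that are not
# shown here; fill those sets in after exporting the full pulse from OTX.
PULSE_IOCS = {
    "md5": {
        "30a762f747ba9432673b8b94066b270a",
        "6e1b219fc0db106ff3a6e982fb7b9241",
        "7961263963841010a049265956b14666",
    },
    "sha1": set(),
    "sha256": set(),
}

ALGORITHMS = ("md5", "sha1", "sha256")


def hash_file(path, chunk_size=1 << 20):
    """Return {algo: hexdigest} for one file, reading it in chunks so that large
    files do not have to fit in memory and all three digests come from one pass."""
    hashers = {algo: hashlib.new(algo) for algo in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_iocs(digests, iocs=PULSE_IOCS):
    """Return the (algo, hash) pairs from `digests` that appear in the IOC set.
    Comparison is case-insensitive because feeds mix upper- and lower-case hex."""
    return [(algo, d) for algo, d in digests.items()
            if d.lower() in iocs.get(algo, set())]


def scan_tree(root, iocs=PULSE_IOCS):
    """Walk `root` and return (hits, skipped): hits maps each matching file path to
    its matched (algo, hash) pairs; skipped counts files that could not be read.
    Unreadable files (permission errors, files removed mid-scan) are counted rather
    than aborting the sweep, and symlinks are not followed out of the tree."""
    hits = {}
    skipped = 0
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if path.is_symlink():
                continue
            try:
                digests = hash_file(path)
            except OSError:
                skipped += 1
                continue
            matched = match_iocs(digests, iocs)
            if matched:
                hits[str(path)] = matched
    return hits, skipped


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    hits, skipped = scan_tree(root)
    for path, matched in hits.items():
        for algo, digest in matched:
            print(f"MATCH {algo}:{digest} {path}")
    print(f"{len(hits)} file(s) matched, {skipped} unreadable file(s) skipped")
```

Run it as `python hunt.py C:\Users` (or any directory) on a host of interest. A hash match is a high-confidence hit, but a miss proves little: any recompilation or repacking of the loader changes all three digests, so pair this sweep with behavioural checks for the chain the analysis describes (HTA execution followed by a sideloaded DLL and a new scheduled task or Run key).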
MITRE ATT&CK & Malware Families
ATT&CK techniques: none listed in the pulse
Malware families: Wineloader
Indicators of Compromise (3 of 15 total shown; the pulse contains FileHash-MD5, FileHash-SHA1 and FileHash-SHA256 indicators)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-MD5 | 30a762f747ba9432673b8b94066b270a | (none) | 2024-06-06
FileHash-MD5 | 6e1b219fc0db106ff3a6e982fb7b9241 | (none) | 2024-06-06
FileHash-MD5 | 7961263963841010a049265956b14666 | (none) | 2024-06-06