IOC - PureRAT: A Multi-Stage, Fileless RAT Utilizing Image Steganography and Process Hollowing
TLP: WHITE | Author: celestre | Created: 2026-04-23 | Modified: 2026-04-23
12 IOCs (medium volume)
PureRAT is a remote access trojan (RAT) delivered through a multi-stage, largely fileless infection chain. The chain starts with a malicious .LNK file that runs a concealed PowerShell command to fetch a heavily obfuscated VBS loader. The loader delivers the later stages filelessly (the payload is not dropped to disk as a separate executable) and secures its foothold by creating a Task Scheduler task for persistence. The payload itself is hidden by steganography: a portable executable (PE) is concealed inside an otherwise legitimate-looking PNG image and extracted at run time. To execute with elevated rights and evade defences, the malware bypasses user account control (UAC) via cmstp.exe (the Microsoft-signed Connection Manager profile installer) and hollows the legitimate, signed Msbuild.exe process so the final stage runs under a trusted image name. It also checks for VMware and QEMU artefacts to detect virtualised analysis environments. For defenders, the process tree is the practical detection surface: PowerShell spawned from an .LNK via explorer.exe, wscript.exe creating scheduled tasks, cmstp.exe launched outside a network-profile installation, and an Msbuild.exe instance started by a non-developer parent; the image-based staging also means PNG downloads from the listed infrastructure deserve content inspection rather than a file-type allow-list pass.
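The steganography stage described above is the part most worth a content check, since a PNG that carries a PE will pass most file-type filters. The following is an added example, not PureRAT's code or the pulse author's tooling: it walks the PNG chunk structure (per the PNG specification), verifies chunk CRCs, flags unknown chunk types, data appended after IEND, and a DOS/PE header found in any chunk body, in trailing data, or in the decompressed pixel stream. The exact embedding scheme PureRAT uses is not stated on the page, so which of these locations it would trip is an assumption; the sample images and the FAKE_PE stub are constructed here for the demonstration.

```python
# Added example (not from the pulse): scan a PNG for a concealed PE payload.
# PNG layout follows the PNG specification; samples below are constructed.
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Critical and common ancillary chunk types; anything else is reported.
KNOWN_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tEXt", b"zTXt", b"iTXt",
                b"pHYs", b"tIME", b"gAMA", b"sRGB", b"cHRM", b"bKGD", b"sBIT",
                b"tRNS", b"hIST", b"sPLT", b"iCCP"}


def find_pe(blob: bytes) -> int:
    """Offset of a DOS 'MZ' header whose e_lfanew (at +0x3C) points at 'PE\\0\\0', else -1.

    Requiring a consistent e_lfanew avoids firing on the two bytes 'MZ' appearing by chance.
    """
    off = blob.find(b"MZ")
    while off != -1:
        if off + 0x40 <= len(blob):
            e_lfanew = struct.unpack_from("<I", blob, off + 0x3C)[0]
            if 4 <= e_lfanew <= 0x10000 and blob[off + e_lfanew:off + e_lfanew + 4] == b"PE\0\0":
                return off
        off = blob.find(b"MZ", off + 1)
    return -1


def scan_png(data: bytes) -> list:
    """Walk the chunk structure and report anything a benign image should not contain."""
    findings = []
    if not data.startswith(PNG_SIG):
        return ["not a PNG"]
    pos, idat = len(PNG_SIG), bytearray()
    while pos + 8 <= len(data):
        length, ctype = struct.unpack_from(">I4s", data, pos)
        end = pos + 12 + length                      # 4 length + 4 type + body + 4 CRC
        if end > len(data):
            findings.append(f"truncated chunk {ctype!r}")
            break
        body = data[pos + 8:pos + 8 + length]
        crc = struct.unpack_from(">I", data, pos + 8 + length)[0]
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            findings.append(f"bad CRC on chunk {ctype!r}")
        if ctype not in KNOWN_CHUNKS:
            findings.append(f"unknown chunk {ctype!r} ({length} bytes)")
        if find_pe(body) != -1:                      # payload stored raw in a chunk (e.g. tEXt)
            findings.append(f"PE header in chunk {ctype!r}")
        if ctype == b"IDAT":
            idat += body
        pos = end
        if ctype == b"IEND":
            break
    trailing = data[pos:]
    if trailing:                                     # payload simply appended after IEND
        findings.append(f"{len(trailing)} bytes after IEND")
        if find_pe(trailing) != -1:
            findings.append("PE header in trailing data")
    try:                                             # payload stored as raw pixel bytes
        if find_pe(zlib.decompress(bytes(idat))) != -1:
            findings.append("PE header in decompressed IDAT")
    except zlib.error:
        findings.append("IDAT is not a valid zlib stream")
    return findings


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk with a correct CRC (used only to construct samples)."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body) & 0xFFFFFFFF)


# Constructed stand-in for a payload: a DOS header whose e_lfanew points at 'PE\0\0'.
FAKE_PE = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20


def build_png(extra_chunk: bytes = b"", pixels: bytes = b"\x00\xff\x00\x00", trailer: bytes = b"") -> bytes:
    """Constructed 1x1 RGB PNG; extra_chunk goes before IDAT, trailer after IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)   # 1x1, 8-bit, RGB, no interlace
    return (PNG_SIG + _chunk(b"IHDR", ihdr) + extra_chunk
            + _chunk(b"IDAT", zlib.compress(pixels)) + _chunk(b"IEND", b"") + trailer)


# Constructed samples: one clean image and three ways a PE could be hidden.
SAMPLES = {
    "clean": build_png(),
    "appended": build_png(trailer=FAKE_PE),
    "in_text_chunk": build_png(extra_chunk=_chunk(b"tEXt", b"Comment\0" + FAKE_PE)),
    "in_pixels": build_png(pixels=b"\x00" + FAKE_PE),
}

if __name__ == "__main__":
    for name, png in SAMPLES.items():
        print(name, scan_png(png) or "no findings")
```

The scanner only catches a payload stored in the clear (appended, in a chunk, or as raw pixel bytes); a loader that spreads the PE across pixel LSBs or encrypts it before embedding would produce a valid-looking image with no findings, so treat a clean result as "nothing obvious" rather than "safe" and pair it with the process-tree telemetry above.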
Indicators of Compromise (12)
TYPE            | INDICATOR                                                        | DESCRIPTION                     | CREATED
URL             | https://crixup.com                                               |                                 | 2026-04-23
IPv4            | 178.16.52.58                                                     | CC=DE ASN=AS40999 dus.net gmbh  | 2026-04-23
FileHash-SHA256 | 121ae6c664aaef9ed2e44ed04c66e1cabcb00295c48289afd9e23126fc6edadf |                                 | 2026-04-23
FileHash-SHA256 | 40bd37eba7f9a56516c96092d5c6d50937fc4df00baf79155ada9d1673389830 |                                 | 2026-04-23
FileHash-SHA256 | 7d22c61e8aafc9a2a812cafe7720922ab12d770e5af7d92527d9b0dbd6e10f30 |                                 | 2026-04-23
FileHash-SHA256 | 96b4713c6b9e5283f9d2f570a51edce66fc44ced2ae130b65dbe1326690a27eb |                                 | 2026-04-23
FileHash-SHA256 | 96d4e77c0d433b14c2030be194ad12e159b5292f33da3a7d4d2749475845c253 |                                 | 2026-04-23
FileHash-SHA256 | bb1075ca2ff0a9b5e407fb396f8f87705d8f512b42b3f4326586ef17fed8aabb |                                 | 2026-04-23
FileHash-SHA256 | e0c0418d8bad7b4731b7de35059c6a51c49825e6ec841193cd8842220957cff9 |                                 | 2026-04-23
URL             | http://instantservices1.ddnsguru.com                             |                                 | 2026-04-23
domain          | crixup.com                                                       |                                 | 2026-04-23
hostname        | instantservices1.ddnsguru.com                                    |                                 | 2026-04-23