: To conceal malicious payloads (such as backdoors or stealers) from security software like Windows Defender or traditional antivirus. Common Mechanisms :

: Used by malware such as Bankshot and BendyBear to resolve strings or decrypt payloads at runtime.

: Malware like the DarkCloud Stealer or DOPLUGS (a PlugX variant) often arrives in RAR files to bundle malicious payloads with legitimate files, such as game software or documents.

: Often utilized within PowerShell commands to hide malicious instructions.

: Techniques where CAB or RAR files are used to bundle and later expand executable content once on the target system. 2. Delivery via RAR Archives

MITRE ATT&CK Technique T1140 describes how adversaries deobfuscate or decode files or information that has been hidden or encrypted to evade detection.

: Attacks often begin with a phishing email containing a RAR archive or a PDF that downloads a RAR archive.