Snoozegnat.7z -

: An obfuscated configuration file containing Command & Control (C2) server addresses and sleep timers (hence the name "Snooze"). Execution Chain: How it Works

: A legitimate, digitally signed executable used for "DLL side-loading." By using a trusted binary, the attacker lowers the suspicion level of the initial process start. SnoozeGnat.7z

: To avoid behavioral analysis (sandboxing), the malware enters a long sleep state. It uses high-resolution timers to wait for several minutes—or even hours—before making its first network call. : An obfuscated configuration file containing Command &

: The legitimate launcher looks for its required library. Because gnat_api.dll is in the same folder, it loads the malicious version instead of the system version. SnoozeGnat.7z