Analysis of the North Korea-Origin PebbleDash Backdoor Malware

2025-05-08 Igloo Analysis of North Korea-Origin PebbleDash Backdoor Malware

https://www.igloopedia.com/1caf216a-760c-806e-95ac-ca95991541b6


The report analyzes PebbleDash, a backdoor historically associated with Lazarus and more recently observed in activity linked to Kimsuky. The malware appears to depend on a preceding loader or installation stage to place configuration data and persistence artifacts, including registry-stored configuration under a WMI Security path. Once running, PebbleDash can connect to C2 infrastructure and execute a broad command set, including information theft, command execution, file operations, remote-control tooling, and anti-forensic deletion. The sample also uses obfuscation, XOR decoding, encrypted strings, and encrypted network communication to complicate analysis and detection.

Indicators of Compromise

Type   Value                             First Seen   Last Seen
HASH   31345cc286bfb2b3edcee6c960f11c3f  2025-05-08   2025-05-19
HASH   815eabbaecd9b763d6c63f6a94c25ac0  2025-05-08   2025-05-08
