https://www.securitylab.ru/news/560237.php

One of the main features of the malware is its complex architecture. It is built
on a combination of Rust and Nim languages, which complicates its analysis and
detection. Infection begins with a Rust loader that injects a Nim binary
encrypted with the ChaCha20 algorithm into RAM. The DInvoke-rs library is used
for loading, allowing code to be executed directly from memory without being
written to disk. This effectively bypassed the signature-based protection of
antivirus programs.