
Question:

Tom discovers that a malware sample he is analyzing downloads a file from imgur.com and then executes an attack using Mimikatz, a powerful Windows account credential theft tool. When he analyzes the image, he cannot detect any recognizable code. What technique has most likely been implemented in this scenario?

A. The code is hidden in the image using steganography.

Explanation:

This real-world example was found in 2020 when malicious PowerShell code was discovered that had triple-encoded malicious tools. The initial package was downloaded as an image from imgur.com or similar sites and was concealed using steganographic techniques. The code was also encrypted using RSA and encoded in Base64 both prior to encryption and again after encryption. Although steganography is not incredibly common, Tom should suspect that a downloaded image may be more than it appears.
