Divucrgnreku.zip – Complete & Instant

The file is a specific archive name that has recently appeared in cybersecurity circles, primarily associated with malicious distribution campaigns.

Technical Breakdown

Based on sandbox analysis of this file signature: dIVucrGnrEku.zip

- Once the ZIP is extracted and the executable inside is run, it attempts to bypass Windows Defender and establish a connection with a Command & Control (C2) server to exfiltrate your private data.
- It often creates a scheduled task or adds itself to the Windows Registry "Run" keys to ensure it restarts every time the computer boots.

Data Targeted

- Browsers: Chrome, Firefox, and Edge login credentials.
- Sessions for crypto extensions (MetaMask, Phantom) and banking portals.
- Screenshots of your desktop and hardware specifications.

Recommended Actions

- Revoke active "Logged In" sessions in your Google or Microsoft account settings, as attackers often use stolen cookies to bypass passwords.
- After the machine is clean, change all passwords, especially for email, banking, and primary social media accounts. Enable Multi-Factor Authentication (MFA) on all platforms.