
Facture 2022.zip

Upon execution, it injects code into legitimate Windows processes (like cvtres.exe or vbc.exe) to hide its presence.

3. Malicious Capabilities

Keystroke Logging: Records everything you type.

Allows the attacker to view your screen or upload further malware.

🚀 Recommended Actions

If you downloaded it:
Do NOT open the archive or run any files inside.
Delete the file immediately and empty your Trash.

If you already ran the file:
Disconnect from Wi-Fi to stop data exfiltration.
Run a full scan using Malwarebytes or Windows Defender.

Once the user unzips the file, they find a file like Facture_2022_8492.exe.

French-speaking users (due to the name "Facture" meaning "Invoice")

Typically an .exe or .vbs file disguised as a document

Goal: Credential theft and remote system control

🔍 Technical Analysis

1. Delivery Method

Attackers send claiming to be from legitimate vendors or service providers. The email urges the recipient to download the attached "facture 2022.zip" to view an unpaid invoice.

2. Execution Chain

The file is a known malicious archive used in phishing campaigns to distribute malware, specifically Quasar RAT or Agent Tesla.

🛡️ Executive Summary

Threat Type: Phishing / Trojan
