Poolfun_2.7z

Once extracted and run, it uses a legitimate application to load a malicious DLL in order to bypass security software [4, 5].

It establishes a connection to exfiltrate system data and receive further instructions [2, 5].

If you have encountered this file, it should be treated as a . It is designed for espionage and data theft, specifically targeting aerospace, defense, and financial sectors [1, 2].

: Often contains variants of the Aeris or Kaem malware families [2, 4].

Poolfun_2.7z is widely identified as a malicious archive associated with targeted cyberattacks, specifically linked to the Lazarus Group (a North Korean state-sponsored threat actor) [1, 2].