It uses a bundled unrar.exe to decompress the archive using the password 1q2w3e4r.
Reports detail specific techniques used when this file (src.rar) is present in an infection chain.
The src.rar archive typically contains a legitimate executable (e.g., lcommute.exe) and a malicious DLL (e.g., mscorsvc.dll). The goal is to use the legitimate program to "sideload" the malware into memory.
These tools focus on capturing keystrokes and clipboard activity, though they often lack built-in exfiltration, meaning the actors must use additional tools to steal the collected data.
Common Benign Uses
Programmers often name archives containing source code src.rar or src.zip.
Reports from Zscaler ThreatLabz link this file name to an arsenal of tools including CorKLOG, a keylogger.
In March 2024, AhnLab SEcurity Intelligence Center (ASEC) identified a dropper disguised as an installer for a Korean public institution. The dropper creates a compressed src.rar file.
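As an added example (not taken from the cited reports), the Python below correlates the two behaviours described above: an unrar.exe run with a password on its command line, followed by a DLL loaded from the same user-writable directory as its host executable. The event format, the five-minute window, the trusted-path list and the sample events are constructed assumptions.

```python
import ntpath
import re
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed correlation window
# Assumed set of install locations that ordinary users cannot write to.
TRUSTED = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
PW_SWITCH = re.compile(r"\s-p(\S+)", re.IGNORECASE)  # unrar's -p<password> switch

# Constructed events, loosely modelled on process-creation and image-load telemetry.
EVENTS = [
    {"ts": "2024-03-01T10:00:00", "kind": "proc",
     "image": r"C:\Users\u\AppData\Local\Temp\setup\unrar.exe",
     "cmd": r"unrar.exe x -p1q2w3e4r src.rar"},
    {"ts": "2024-03-01T10:00:20", "kind": "load",
     "image": r"C:\Users\u\AppData\Local\Temp\setup\lcommute.exe",
     "dll": r"C:\Users\u\AppData\Local\Temp\setup\mscorsvc.dll"},
    {"ts": "2024-03-01T10:00:21", "kind": "load",
     "image": r"C:\Users\u\AppData\Local\Temp\setup\lcommute.exe",
     "dll": r"C:\Windows\System32\kernel32.dll"},
    {"ts": "2024-03-01T12:30:00", "kind": "load",
     "image": r"C:\Program Files\Editor\editor.exe",
     "dll": r"C:\Program Files\Editor\plugin.dll"},
]

def find_sideload_candidates(events):
    """Return (exe, dll) pairs loaded side by side shortly after a passworded unrar run."""
    extractions, hits = [], []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["kind"] == "proc":
            is_unrar = ntpath.basename(ev["image"]).lower() == "unrar.exe"
            if is_unrar and PW_SWITCH.search(ev["cmd"]):
                extractions.append(ts)  # password supplied on the command line
        elif ev["kind"] == "load":
            exe_dir = ntpath.dirname(ev["image"]).lower()
            dll_dir = ntpath.dirname(ev["dll"]).lower()
            # Keep only DLLs sitting next to their host EXE outside trusted paths.
            if dll_dir != exe_dir or (exe_dir + "\\").startswith(TRUSTED):
                continue
            if any(timedelta(0) <= ts - t <= WINDOW for t in extractions):
                hits.append((ntpath.basename(ev["image"]), ntpath.basename(ev["dll"])))
    return hits

if __name__ == "__main__":
    for exe, dll in find_sideload_candidates(EVENTS):
        print(f"possible sideload: {exe} loaded {dll} after passworded extraction")
```

Because developers also produce archives named src.rar, the check keys on the extraction and load behaviour, not on the file name.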