If executed, scan the system for new registry keys in HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
Targets gamers or individuals interested in digital goods, possibly mimicking a purchase confirmation for a game or DLC.
Upon extraction, these types of archives often contain one of the following:
This report covers the analysis of a suspicious archive file, PayPal-Zolii-FinalFantasy (1).zip. The file is part of a social engineering campaign that uses trusted brand names (PayPal) and popular media (Final Fantasy) to trick users into executing malicious content.

File Name: PayPal-Zolii-FinalFantasy (1).zip
Format: Compressed ZIP Archive
Creates urgency regarding a financial transaction or invoice.
A local .html file that mimics a PayPal login screen to harvest credentials.

5. Recommended Actions
Shortcut files that execute PowerShell commands to download secondary payloads (e.g., Cobalt Strike, RedLine Stealer).
If you have not done so, avoid opening the archive.