Contact
113 El. Venizelou str & 12A Pittakou,
N.Ionia, Athina 142 31
Τel. +30-210-2757410
Fax. +30-210-2757071
e-mail: [email protected]
Business Registry No:124060601000
While simply downloading the archive is usually safe, extracting it or interacting with weaponized filenames can trigger malicious scripts or drop harmful executables like CovalentStealer or RingReaper . 3. Recommended Safety Actions
These malicious RAR files have been used to deliver the VShell backdoor , which executes in memory and masquerades as a kernel worker thread to stay hidden from system monitors.
Similar generic filenames (e.g., "doc.exe" inside a RAR) have been identified as 64-bit Windows executables designed to connect to remote IP addresses (such as 108[.]62[.]118[.]160 ) to establish a command-and-control connection. 2. Technical Risks of "doc41.rar"
While simply downloading the archive is usually safe, extracting it or interacting with weaponized filenames can trigger malicious scripts or drop harmful executables like CovalentStealer or RingReaper . 3. Recommended Safety Actions
These malicious RAR files have been used to deliver the VShell backdoor , which executes in memory and masquerades as a kernel worker thread to stay hidden from system monitors.
Similar generic filenames (e.g., "doc.exe" inside a RAR) have been identified as 64-bit Windows executables designed to connect to remote IP addresses (such as 108[.]62[.]118[.]160 ) to establish a command-and-control connection. 2. Technical Risks of "doc41.rar"
113 El. Venizelou str & 12A Pittakou,
N.Ionia, Athina 142 31
Τel. +30-210-2757410
Fax. +30-210-2757071
e-mail: [email protected]
Business Registry No:124060601000