An file that downloads the final payload from a remote server [4, 6].

Typical Behavior (Infection Chain)
Once the user extracts and runs the file inside the archive, it executes a script [5].

039-ch0c0l0.7z
The malware connects to a Command and Control (C2) server to receive instructions or upload stolen data [2, 3].

Recommended Actions