Fake "Outstanding Statement of Account" (matching the "STA" prefix).
: Frequently used to deliver the final payload by downloading it from encrypted cloud storage links (like Google Drive or OneDrive).
Indicators of Compromise (IoCs)
sc24381-STAv12415353.rar
: Once the user extracts the .rar file, it typically contains a heavily obfuscated executable (.exe), a screensaver file (.scr), or a JavaScript file (.js).
Credential theft, system reconnaissance, and data exfiltration.
Urgent requests for "Payment Advice" or "Shipping Documents."
Windows-based systems, often delivered via spoofed invoices or shipping notifications.
Infection Vector
the affected machine from the network if execution has already occurred.