File: Hdx-home-beta-windows.zip ...

Outbound connections to unknown IP addresses on ports like 80, 443, or specialized ports like 10044.

6. Remediation Steps

If you have interacted with this file:

Disconnect: Take the machine offline immediately.

Steals saved passwords, auto-fill data, and credit card info from Google Chrome, Microsoft Edge, and Mozilla Firefox.

Steals Discord tokens and Telegram session files to bypass 2FA.

C. Command & Control (C2) Communication

Outbound connections to unknown IP addresses on ports

Upon extraction and execution of the contents within the ZIP file, the following stages typically occur:

The file is frequently identified in cybersecurity research and sandboxing environments as a container for malware, specifically associated with RedLine Stealer or Vidar Stealer campaigns. It is often disguised as a legitimate beta version of virtualization software (like Citrix HDX) to trick users into executing it.

Use a reputable tool like Malwarebytes or Microsoft Defender Offline.

Use hardware keys or app-based authenticators for all sensitive accounts.