Poolfun_2.7z

Risk Assessment

If you have encountered this file, it should be treated as a . It is designed for espionage and data theft, specifically targeting aerospace, defense, and financial sectors [1, 2].

The file is typically used in "Job Seeker" or "Lure" campaigns, where attackers pose as recruiters to trick professionals into downloading and executing malware [1, 3].

Key Technical Features

- Often contains variants of the Aeris or Kaem malware families [2, 4].
- Distributed via social engineering, frequently through LinkedIn or WhatsApp messages offering fake job opportunities at high-profile firms [1, 3].
- The file often uses password protection (e.g., password "123") to prevent automated sandbox scanning and email gateway detection [1, 6].

Execution Chain

- The .7z archive contains a decoy document (e.g., a PDF resume) and a malicious executable [2].
- Once extracted and run, it employs —using a legitimate application to load a malicious DLL—to bypass security software [4, 5].
- It establishes a connection to exfiltrate system data and receive further instructions [2, 5].