PayPal-Zolii-FinalFantasy (1).zip

Targets gamers or individuals interested in digital goods, possibly mimicking a purchase confirmation for a game or DLC.

A local .html file that mimics a PayPal login screen to harvest credentials.

5. Recommended Actions

If you have not done so, avoid opening the archive.

Submit the hash or file to VirusTotal to check against known signatures.

Social Engineering / Potential Info-Stealer or Downloader.

3. Delivery & Social Engineering (The Lure)

The attacker uses a "double-hook" strategy:

This report covers the analysis of a suspicious archive file, PayPal-Zolii-FinalFantasy (1).zip. The file is part of a social engineering campaign that uses trusted brand names (PayPal) and popular media (Final Fantasy) to trick users into executing malicious content.

File Name: PayPal-Zolii-FinalFantasy (1).zip
Format: Compressed ZIP Archive

Upon extraction, these types of archives often contain one of the following: