The user extracts bodagitana.7z , which contains an executable (e.g., .exe or .vbs ).

Captures keystrokes (keylogging), browser credentials, and system metadata.

Allows attackers to take screenshots, access the webcam, and manipulate files.

Restrict the execution of .7z and .exe files from temp directories or email downloads via Group Policy.

Once run, the malware establishes persistence by modifying the Windows Registry or adding itself to the Startup folder.

Bodagitana.7z

The user extracts bodagitana.7z , which contains an executable (e.g., .exe or .vbs ).

Captures keystrokes (keylogging), browser credentials, and system metadata. bodagitana.7z

Allows attackers to take screenshots, access the webcam, and manipulate files. The user extracts bodagitana

Restrict the execution of .7z and .exe files from temp directories or email downloads via Group Policy. The user extracts bodagitana.7z

Once run, the malware establishes persistence by modifying the Windows Registry or adding itself to the Startup folder.