: Inside the archive, there is typically a malicious Windows Shortcut ( .lnk ). When a user double-clicks it, it executes a hidden command (often using cmd.exe or powershell.exe ).
: Use a reputable EDR (Endpoint Detection and Response) or Antivirus tool to perform a full system scan, preferably in Safe Mode. Bunk-Bed.7z
: The archive usually contains three main components: : Inside the archive, there is typically a
: A modular Remote Access Trojan (RAT) known for its use by various APT groups. : The archive usually contains three main components:
: The shortcut runs the legitimate executable, which unknowingly loads the malicious DLL ( DLL Sideloading ). This DLL then decrypts and runs the final payload in memory to avoid detection by traditional antivirus. Associated Malware Families
"Bunk-Bed.7z" is a known malicious archive file associated with , specifically those using "LNK" (Windows Shortcut) files to trigger a multi-stage infection process. Technical Analysis & Infection Chain