Pl_bfrn.rar < Limited Time >

Look for new entries in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run .

Sends stolen data back to a Command and Control (C2) server via SMTP, FTP, or Telegram API. Indicators of Compromise (IoCs) PL_BFRn.rar

The user extracts the RAR and runs the hidden executable. and clipboard data.

Stealing credentials, keystrokes, and clipboard data. PL_BFRn.rar