Pl_bfrn.rar

Scans for credentials in Outlook, Thunderbird, and FileZilla.

Screenshots: Periodically captures the user's screen.

The file is identified as a malicious archive, typically associated with Agent Tesla or GuLoader malware campaigns. These files are often distributed via phishing emails disguised as business documents like purchase orders or price lists (hence the "PL" prefix).

Technical Summary: PL_BFRn.rar

Targets Chrome, Firefox, and Edge for saved passwords and cookies.

Email attachments with double extensions (e.g., PL_BFRn.pdf.exe).
