Bicho_curioso.rar

Unusual outbound traffic to unknown IP addresses, often hosted on low-cost VPS providers. 6. Remediation and Prevention

The malware creates registry keys (e.g., in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ) to ensure it restarts whenever the computer boots. Bicho_curioso.rar

The .rar archive contains an executable file, often disguised with a fake icon (e.g., a PDF or image icon) and a double extension (e.g., Bicho_curioso.jpg.exe ). Unusual outbound traffic to unknown IP addresses, often

Unexpected entries in Run or RunOnce folders. Bicho_curioso.rar

Takes periodic screenshots of the desktop to capture sensitive information that might not be typed (e.g., virtual keyboards).

Sends stolen data back to the attacker’s server via encrypted HTTP or FTP channels. 5. Indicators of Compromise (IoCs) Filenames: Bicho_curioso.rar , Bicho_curioso.exe , Bicho.exe .