File: Airport.service.simulator.zip ... -

Use Endpoint Detection and Response tools rather than standard antivirus, as these threats often bypass basic signatures.

The malware injects its core code into a legitimate Windows process (like RegAsm.exe or MSBuild.exe) to hide its activity from the Task Manager [5].

The archive typically contains a heavily obfuscated executable (.exe) or a Visual Basic script. Its primary goal is to deploy the Agent Tesla spyware, which specializes in stealing credentials from web browsers, email clients, and FTP servers [3, 4].

Execution Chain:

Extraction: The user extracts the .zip content.

The .zip archive is usually delivered via email, often disguised as a legitimate business inquiry, invoice, or service update related to airport ground handling or logistics [1, 2].

Lists of specific file hashes (SHA-256) and C2 (Command and Control) IP addresses associated with the "Airport Service" campaign.

A small "loader" runs, checking for debuggers or virtual environments to avoid detection by security researchers.