Bodagitana.7z · Must Read

Primarily observed in Spanish-speaking regions (the name translates to "Gypsy Wedding").

☣️ Infection Chain

If infected, isolate the host from the network, terminate the malicious process, and perform a full system wipe.

The user extracts bodagitana.7z, which contains an executable (e.g., .exe or .vbs).

The RAT connects to a Command and Control (C2) server to receive instructions, exfiltrate data, or download further payloads.

🔍 Technical Capabilities

Users receive a phishing email with a link to download a file or an attachment masquerading as wedding photos or invitations.

The file is an archive associated with the Boda Gitana malware, a remote access trojan (RAT) often distributed via phishing campaigns. This report details the technical characteristics, infection chain, and mitigation strategies for this threat.

🛡️ Threat Overview

File Name: bodagitana.7z (sometimes seen as boda_gitana.7z)
Type: Compressed 7-Zip archive

Implement strict SPF/DKIM/DMARC checks to flag suspicious external emails.