Captures keystrokes (keylogging), browser credentials, and system metadata.

Implement strict SPF/DKIM/DMARC checks to flag suspicious external emails.

The user extracts bodagitana.7z , which contains an executable (e.g., .exe or .vbs ).

Primarily observed in Spanish-speaking regions (the name translates to "Gypsy Wedding"). ☣️ Infection Chain

Once run, the malware establishes persistence by modifying the Windows Registry or adding itself to the Startup folder.

The RAT connects to a Command and Control (C2) server to receive instructions, exfiltrate data, or download further payloads. 🔍 Technical Capabilities