VERY IMPORTANT

The article uncovers a campaign previously unknown and undocumented that uses HZ Rat as the payload of malicious RTF documents, two distribution methods, and multiple custom packers. HZ Rat itself is used as an initial access tool with limited capabilities like command execution and file upload. This research discloses that this malware was utilized for credential stealing and system reconnaissance.