Stick-em-up.rar

A single executable appeared, icon-less and generic. When he ran it, the screen didn't flicker or go black. Instead, his desktop icons began to drift. Slowly, the "Recycle Bin" and "My Computer" moved toward the center of the screen. Then, a low-bitrate voice, sounding like it was recorded through a tin can, rasped through his speakers: "Hands where I can see 'em, kid."

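rule Stick_Em_Up_RAR_Dropper
{
    meta:
        description = "Detects malicious RAR archives containing JS/HTA with spoofed icons"
        author = "Threat Research"
        date = "2025-03-01"
    strings:
        // YARA scans the raw archive bytes, so the strings below match only
        // where they appear uncompressed (stored members, header file names).
        $rar_header = "Rar!"
        $js_launch = "WScript.Shell" nocase
        $ps_invoke = "powershell" nocase
        $icon_spoof = "PDF" wide ascii
    condition:
        // RAR magic at offset 0 plus any two of the three content indicators
        $rar_header at 0 and (2 of ($js_launch, $ps_invoke, $icon_spoof))
}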

Some claim that the file was created by a group of internet users who wanted to create an "Easter egg" – a hidden message or joke – for fellow netizens to discover. Others speculate that Stick-Em-Up.rar might be a remnant of an old game, software, or demo, which was never completed or released.

The final payload never touches the disk; it runs directly in memory. This is why traditional file-based AV fails. The injected code can be anything from a banking trojan (like or RedLine) to a full-fledged Cobalt Strike beacon.
