: Analysis suggests the archive often carries variants of the PlugX or ToneIns malware. PlugX is a modular Remote Access Trojan (RAT) used for data exfiltration, keystroke logging, and remote command execution.
: The malware modifies registry keys or creates scheduled tasks to ensure it remains active after system reboots.
: Once the user extracts "HogFarming.7z", they find what appears to be a legitimate document or application.
: Launching the primary file triggers the sideloading of a malicious component, often disguised as a library such as MpsSvc.dll.
: Heavy reliance on .7z or .rar formats to hide malicious .exe and .dll pairings from basic email scanners.

Mitigation Recommendations
: Add "HogFarming.7z" and similar suspicious archive names to email and web filter blocklists.
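
The sideloading step described above (an executable loading a DLL that sits beside it in the extracted folder) can be hunted in image-load telemetry. The following Python is an added example, not part of the original report; the event field names, the DLL name list other than MpsSvc.dll, the path markers and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumption: small sample of DLL names that normally load from System32.
# MpsSvc.dll is the name the report mentions; extend from your own baseline.
SYSTEM_DLL_NAMES = {"mpssvc.dll", "version.dll", "dbghelp.dll"}
# Assumption: path fragments marking user-writable places where archives get extracted.
USER_WRITABLE_MARKERS = ("\\downloads\\", "\\appdata\\", "\\temp\\", "\\desktop\\")
TRUSTED_DLL_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")


def score_image_load(event):
    """Return the reasons an image-load event looks like DLL sideloading."""
    image = ntpath.normcase(event["image"])
    loaded = ntpath.normcase(event["image_loaded"])
    dll_dir, dll_name = ntpath.split(loaded)
    reasons = []
    if dll_name in SYSTEM_DLL_NAMES and dll_dir not in TRUSTED_DLL_DIRS:
        reasons.append("system DLL name loaded from outside System32")
    if dll_dir == ntpath.dirname(image) and any(m in loaded for m in USER_WRITABLE_MARKERS):
        reasons.append("DLL sits beside the EXE in a user-writable directory")
    if reasons and not event.get("dll_signed", False):
        reasons.append("DLL is unsigned")
    return reasons


def find_sideloading(events, min_reasons=2):
    """Keep events that trip at least min_reasons heuristics."""
    hits = []
    for ev in events:
        reasons = score_image_load(ev)
        if len(reasons) >= min_reasons:
            hits.append((ev["image_loaded"], reasons))
    return hits


# Constructed sample events, shaped like Sysmon Event ID 7 (ImageLoad) fields.
SAMPLE_EVENTS = [
    {"image": r"C:\Users\alice\Downloads\HogFarming\Report.exe",
     "image_loaded": r"C:\Users\alice\Downloads\HogFarming\MpsSvc.dll", "dll_signed": False},
    {"image": r"C:\Windows\System32\svchost.exe",
     "image_loaded": r"C:\Windows\System32\MpsSvc.dll", "dll_signed": True},
    {"image": r"C:\Program Files\Vendor\app.exe",
     "image_loaded": r"C:\Program Files\Vendor\helper.dll", "dll_signed": True},
]

if __name__ == "__main__":
    for path, reasons in find_sideloading(SAMPLE_EVENTS):
        print(path, "->", "; ".join(reasons))
```

Requiring two or more reasons keeps legitimate applications that ship their own DLLs under Program Files out of the results.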