Windows Shortcut (LNK) Malware Strategies

    Date: 07/03/2025

    Severity: Medium

    Summary

    Attackers are increasingly leveraging Windows shortcut (.lnk) files as a stealthy malware delivery method. These files, designed to provide quick access to other files or programs, are being weaponized to execute malicious payloads while mimicking legitimate shortcuts. A sharp rise in malicious LNK samples—from 21,098 in 2023 to 68,392 in 2024—highlights their growing use. By analyzing 30,000 recent samples, researchers uncovered how LNK files enable threat actors to bypass traditional defenses, exploit user trust, and deliver malware effectively.

    Indicators of Compromise (IOC) List 

    Hash


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1:

    sha256hash IN ("9d4683a65be134afe71f49dbd798a0a4583fe90cf4b440d81eebcbbfc05ca1cd","b2fd04602223117194181c97ca8692a09f6f5cfdbc07c87560aaab821cd29536","08233322eef803317e761c7d380d41fcd1e887d46f99aae5f71a7a590f472205","a90c87c90e046e68550f9a21eae3cad25f461e9e9f16a8991e2c7a70a3a59156","a89b344ac85bd27e36388ca3a5437d8cda03c8eb171570f0d437a63b803b0b20","86f504dea07fd952253904c468d83d9014a290e1ff5f2d103059638e07d14b09","f585db05687ea29d089442cc7cfa7ff84db9587af056d9b78c2f7a030ff7cd3d","28fa4a74bbef437749573695aeb13ec09139c2c7ee4980cd7128eb3ea17c7fa8","fb792bb72d24cc2284652eb26797afd4ded15d175896ca51657c844433aba8a9","d1dc85a875e4fc8ace6d530680fdb3fb2dc6b0f07f892d8714af472c50d3a237","76d2dd21ffaddac1d1903ad1a2b52495e57e73aa16aa2dc6fe9f94c55795a45b")

    Reference:

    https://unit42.paloaltonetworks.com/lnk-malware/


    Tags

    Malware, LNK, Exploit
