Date: 07/03/2025
Severity: Medium
Summary
Attackers are increasingly leveraging Windows shortcut (.lnk) files as a stealthy malware delivery method. These files, designed to provide quick access to other files or programs, are being weaponized to execute malicious payloads while mimicking legitimate shortcuts. A sharp rise in malicious LNK samples—from 21,098 in 2023 to 68,392 in 2024—highlights their growing use. By analyzing 30,000 recent samples, researchers uncovered how LNK files enable threat actors to bypass traditional defenses, exploit user trust, and deliver malware effectively.
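As an added illustration, not code from the Unit 42 research or from the Gurucul query set: a minimal MS-SHLLINK walker that pulls a shortcut's RelativePath, Arguments and IconLocation strings and flags the pattern the summary describes, a shortcut that carries one icon but launches a script host with a long or hidden command line. The two shortcuts it inspects are constructed inside the block (not real samples); reading the target only from RelativePath rather than LinkInfo or the IDList, and cp1252 as the ANSI code page, are simplifications.

```python
import struct

HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 1 << 0, 1 << 1, 1 << 7   # LinkFlags bits (MS-SHLLINK 2.1.1)
STRING_DATA = [("name", 1 << 2), ("relative_path", 1 << 3), ("working_dir", 1 << 4),
               ("arguments", 1 << 5), ("icon_location", 1 << 6)]  # StringData order in the file
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
SCRIPT_HOSTS = ("cmd.exe", "powershell.exe", "mshta.exe", "wscript.exe", "cscript.exe", "rundll32.exe")

def parse_lnk(data: bytes) -> dict:
    """Walk ShellLinkHeader -> LinkTargetIDList -> LinkInfo and return the StringData strings."""
    if data[:4] != struct.pack("<I", 0x4C) or data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link (bad HeaderSize or LinkCLSID)")
    flags, = struct.unpack_from("<I", data, 20)
    pos, fields = 0x4C, {}
    if flags & HAS_IDLIST:          # 2-byte IDListSize, then the IDList itself
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:        # 4-byte LinkInfoSize that counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")  # ANSI page assumed cp1252
    for name, bit in STRING_DATA:   # each entry: 2-byte CountCharacters, then chars, no terminator
        if flags & bit:
            count, = struct.unpack_from("<H", data, pos)
            fields[name] = data[pos + 2:pos + 2 + count * width].decode(codec)
            pos += 2 + count * width
    return fields

def suspicious(fields: dict) -> list:
    """Heuristics for a shortcut that looks like one thing but launches another."""
    reasons = []
    target = fields.get("relative_path", "").lower().rsplit("\\", 1)[-1]
    args, icon = fields.get("arguments", ""), fields.get("icon_location", "").lower()
    if target in SCRIPT_HOSTS:
        reasons.append(f"target is a script host: {target}")
        if icon and target not in icon:
            reasons.append("icon borrowed from an unrelated file (masquerade)")
    if len(args) > 64:
        reasons.append(f"long command line ({len(args)} chars)")
    if "hidden" in args.lower() or "-enc" in args.lower():
        reasons.append("hidden window or encoded command in arguments")
    return reasons

def make_lnk(flags: int, *strings: str) -> bytes:  # constructed-sample builder: no IDList, no LinkInfo
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in strings)
    return struct.pack("<I", 0x4C) + LINK_CLSID + struct.pack("<I", flags | IS_UNICODE) + bytes(52) + body

# Constructed samples, not real malware: a plain Notepad shortcut and a document-icon lookalike.
BENIGN = make_lnk(1 << 3, r"..\..\Windows\notepad.exe")
LOOKALIKE = make_lnk(1 << 3 | 1 << 5 | 1 << 6, r"..\..\..\Windows\System32\cmd.exe",
                     '/c powershell -WindowStyle Hidden -Command "<placeholder, not a real payload>"',
                     r"%SystemRoot%\System32\shell32.dll")
```

Running `suspicious(parse_lnk(LOOKALIKE))` returns four findings while the Notepad shortcut returns none; real triage should also decode LinkInfo and the IDList, since a target can be expressed there with no RelativePath at all.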
Indicators of Compromise (IOC) List
Hash: a90c87c90e046e68550f9a21eae3cad25f461e9e9f16a8991e2c7a70a3a59156
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Detection Query 1: sha256hash IN ("9d4683a65be134afe71f49dbd798a0a4583fe90cf4b440d81eebcbbfc05ca1cd","b2fd04602223117194181c97ca8692a09f6f5cfdbc07c87560aaab821cd29536","08233322eef803317e761c7d380d41fcd1e887d46f99aae5f71a7a590f472205","a90c87c90e046e68550f9a21eae3cad25f461e9e9f16a8991e2c7a70a3a59156","a89b344ac85bd27e36388ca3a5437d8cda03c8eb171570f0d437a63b803b0b20","86f504dea07fd952253904c468d83d9014a290e1ff5f2d103059638e07d14b09","f585db05687ea29d089442cc7cfa7ff84db9587af056d9b78c2f7a030ff7cd3d","28fa4a74bbef437749573695aeb13ec09139c2c7ee4980cd7128eb3ea17c7fa8","fb792bb72d24cc2284652eb26797afd4ded15d175896ca51657c844433aba8a9","d1dc85a875e4fc8ace6d530680fdb3fb2dc6b0f07f892d8714af472c50d3a237","76d2dd21ffaddac1d1903ad1a2b52495e57e73aa16aa2dc6fe9f94c55795a45b")
Reference:
https://unit42.paloaltonetworks.com/lnk-malware/