![]() Been a shortcut file it doesn’t look suspicious to an average user as the file is not EXE. The reason I got interested in this particular sample is how innocent this file looked and how convincing it was from a social-engineering standpoint. ![]() In this post we will Analysis the LNK file malware and uncover how attacker uses multiple layers of obfuscation to evade AV and finally dropping malicious binary, we will also look into how to de-obfuscate each layer and understand what the code is doing.įile we are analyzing is af6df15050dea1a756bb99bb0597d7072c2aee4c Motivation Recently a friend of mine shared an interesting Malicious sample, it was a Microsoft shortcut file (LNK file) which after clicking(execution) lead to infection, although I was not aware of this type of attack vector before doing a basic research on google I was surprised that there is an increase in this type of attacks since 2017.
0 Comments
Leave a Reply. |