Sample Analysis of Kimsuky's Attacks - Ink
Latest Research | November 26, 2024
An LNK file is a Windows shortcut file that normally points to the path of a program, file, or folder. Malicious LNK files look like ordinary shortcut icons but are configured to run specific command-line operations that launch the subsequent core payload. Because LNK files conceal their behavior so well, they account for the largest proportion of all samples delivered by Kimsuky.
This sample disguises itself as a document form and uses the command line to execute scripts stealthily. It emerged in early August 2024; the creation and modification times inside the LNK file are fabricated, so the exact time the file was generated cannot be determined.
The LNK uses the command line to run an obfuscated JavaScript (JS) script, which reads data from the LNK file itself and saves it as a PowerShell script for execution. The obfuscated PowerShell script decrypts …
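A triage sketch for the structure described above, as an added example that is not code from the original analysis: it parses the shell link header and StringData to surface the embedded command-line arguments and the header timestamps, and counts bytes appended after the link's terminal block, which is where a script could read data back out of the LNK. The sample bytes are constructed, and decoding non-Unicode strings as cp1252 is an assumption.

```python
import struct
from datetime import datetime, timedelta, timezone

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # shell link CLSID
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FLAGS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                (0x20, "arguments"), (0x40, "icon_location")]

def filetime(raw):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) -> datetime, or None if zero."""
    ticks = struct.unpack("<Q", raw)[0]
    if not ticks:
        return None
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)

def triage_lnk(data):
    """Return header timestamps, StringData fields and appended-byte count."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    # Header times are attacker-controlled; report them, do not trust them.
    info = {"created": filetime(data[28:36]), "modified": filetime(data[44:52])}
    pos = 76
    if flags & HAS_IDLIST:                      # IDListSize excludes its own 2 bytes
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:                    # LinkInfoSize includes its own 4 bytes
        pos += struct.unpack_from("<I", data, pos)[0]
    for bit, name in STRING_FLAGS:              # StringData, in on-disk order
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            size = count * 2 if flags & IS_UNICODE else count
            codec = "utf-16-le" if flags & IS_UNICODE else "cp1252"
            info[name] = data[pos + 2:pos + 2 + size].decode(codec, "replace")
            pos += 2 + size
    while pos + 4 <= len(data):                 # ExtraData blocks
        block = struct.unpack_from("<I", data, pos)[0]
        if block < 4:                           # terminal block ends the link
            pos += 4
            break
        pos += block
    info["overlay_bytes"] = max(len(data) - pos, 0)  # data appended after the link
    return info

def constructed_sample():
    """Constructed minimal LNK: one arguments string plus 16 appended bytes."""
    args = "/c echo constructed-sample"
    header = struct.pack("<I16sII3QIIIHHII", 0x4C, LNK_CLSID, 0x20 | IS_UNICODE, 0,
                         125911584000000000, 0, 125911584000000000, 0, 0, 1, 0, 0, 0, 0)
    strings = struct.pack("<H", len(args)) + args.encode("utf-16-le")
    return header + strings + b"\x00" * 4 + b"A" * 16
```

A non-zero `overlay_bytes` together with a long or script-invoking `arguments` string is the combination worth escalating for manual review.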