I noticed a LNK file uploaded to Malware Bazaar and wanted to take a look. It turns out to be an onion of obfuscated PowerShell that eventually leads to an executable (tagged as Cobalt Strike, though we won't go into the EXE in this video).
Sample on MalwareBazaar: https://bazaar.abuse.ch/sample/0135c4...
LnkParse3: https://pypi.org/project/LnkParse3/
☕ Buy Me A Coffee: https://www.buymeacoffee.com/0xdf
[00:00] Introduction
[01:04] Overview of file in Malware Bazaar
[02:00] Looking at lnk in a Windows VM
[03:11] lnkparse on file
[04:04] Downloading and unobfuscating layer 1
[05:20] Analysis of layer 1, unobfuscating layer 2
[07:55] Analysis of layer 2
[08:50] Accidentally download directory listing
[10:45] Looking at decoy PDF
[12:03] Comparing binaries from two tmp zip files
[12:54] Not going to RE binary here
[13:23] Looking up hashes in Malware Bazaar and VirusTotal
[14:56] Wrap up
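The [03:11] chapter runs lnkparse over the sample to pull out what the shortcut actually launches. As an added example (not code from the video, from 0xdf, or from the LnkParse3 project), the script below implements a minimal parser for the MS-SHLLINK header and StringData block, then runs a defender-style triage pass over the result: which script host is the target, whether the window is kept out of view via ShowCommand, and which PowerShell switches appear in the arguments, decoding an -EncodedCommand payload when one is present. Both .lnk blobs are constructed in the script (a benign notepad shortcut and a PowerShell one carrying a harmless encoded Write-Output), so it runs offline; the Latin-1 decoding of non-Unicode strings and the indicator list are assumptions for illustration, not a complete signature set.

```python
"""Minimal .lnk (MS-SHLLINK) parser and triage pass. Added example; sample
shortcuts are constructed below rather than taken from the analysed file."""
import base64
import re
import struct
import uuid

# LinkFlags bits from the ShellLinkHeader
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS = 0x08, 0x10, 0x20
HAS_ICON_LOCATION, IS_UNICODE = 0x40, 0x80
LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that keeps the window out of sight
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))


def build_lnk(relative_path, arguments="", show_command=1):
    """Construct a minimal .lnk: 76-byte header, Unicode StringData, no IDList/LinkInfo."""
    flags = IS_UNICODE | HAS_RELATIVE_PATH | (HAS_ARGUMENTS if arguments else 0)
    header = struct.pack("<I", 0x4C) + LNK_CLSID.bytes_le + struct.pack(
        "<IIQQQIIIHHII", flags, 0x20, 0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16le")
                    for s in (relative_path, arguments) if s)
    return header + body + struct.pack("<I", 0)  # TerminalBlock closes ExtraData


def parse_lnk(data):
    """Return header flags, ShowCommand and the StringData fields of a .lnk."""
    if len(data) < 0x4C or struct.unpack_from("<I", data)[0] != 0x4C:
        raise ValueError("bad HeaderSize: not a shell link")
    if uuid.UUID(bytes_le=bytes(data[4:20])) != LNK_CLSID:
        raise ValueError("bad LinkCLSID: not a shell link")
    flags, = struct.unpack_from("<I", data, 20)
    show_command, = struct.unpack_from("<I", data, 60)
    pos = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:      # IDListSize (2 bytes) then the items
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                # LinkInfoSize counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    info = {"flags": flags, "show_command": show_command}
    for bit, name in STRING_FIELDS:          # fixed order per the spec
        if not flags & bit:
            continue
        count, = struct.unpack_from("<H", data, pos)
        pos += 2
        if flags & IS_UNICODE:
            info[name] = data[pos:pos + 2 * count].decode("utf-16le")
            pos += 2 * count
        else:  # ANSI strings; Latin-1 is an assumption for this example
            info[name] = data[pos:pos + count].decode("latin-1")
            pos += count
    return info


ARG_INDICATORS = (
    (r"-w(?:indowstyle)?\s+hidden", "hidden window requested"),
    (r"-nop\b|-noprofile\b", "profile loading disabled"),
    (r"-e(?:x(?:ecutionpolicy)?|p)\s+bypass", "execution policy bypass"),
    (r"\biex\b|invoke-expression", "Invoke-Expression present"),
)
ENCODED_RE = re.compile(r"-e(?:c|nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{8,})", re.I)


def triage(info):
    """Human-readable findings for a parsed .lnk; an empty list means nothing odd."""
    findings = []
    target = info.get("relative_path", "").lower()
    args = info.get("arguments", "")
    if any(x in target for x in ("powershell", "cmd.exe", "mshta", "wscript", "cscript")):
        exe = target.rsplit("\\", 1)[-1]
        findings.append(f"target is a script host: {exe}")
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        findings.append("ShowCommand=SW_SHOWMINNOACTIVE (window kept out of view)")
    for pattern, desc in ARG_INDICATORS:
        if re.search(pattern, args, re.I):
            findings.append(desc)
    m = ENCODED_RE.search(args)
    if m:
        try:  # -EncodedCommand is base64 over UTF-16LE
            decoded = base64.b64decode(m.group(1)).decode("utf-16le")
            findings.append(f"-EncodedCommand decodes to: {decoded}")
        except (ValueError, UnicodeDecodeError):
            findings.append("-EncodedCommand present but not valid base64/UTF-16LE")
    return findings


# Constructed samples: a plain notepad shortcut and a PowerShell one with a harmless payload
PS_PATH = "..\\..\\..\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
ENCODED = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16le")).decode()
SUSPICIOUS_LNK = build_lnk(PS_PATH, f"-nop -w hidden -ep bypass -enc {ENCODED}", SW_SHOWMINNOACTIVE)
BENIGN_LNK = build_lnk("..\\..\\..\\Windows\\System32\\notepad.exe")

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_LNK), ("suspicious", SUSPICIOUS_LNK)):
        parsed = parse_lnk(blob)
        print(label, parsed.get("relative_path"), triage(parsed) or ["no findings"])
```

On a real sample you would read the file with `open(path, "rb").read()` and pass it to `parse_lnk`; shortcuts that carry a LinkTargetIDList or LinkInfo are skipped over by size so the StringData still lands at the right offset, but the IDList itself (which can name the target when no relative path is stored) is not decoded here, which is where a full tool such as LnkParse3 earns its keep.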
Watch the video Malicious LNK File Analysis online without registration, lasting hours minutes seconds, in good quality. This video was added by user 0xdf on 07 February 2023; don't forget to share the link with friends and acquaintances. On our site it has been viewed 3,866 times and liked by 149 people.