Executable
Double Click
Phishing
Contributors:
mr.d0x
Description:
LNK files are shortcuts to other files and can also be used to open a URL. Just like URLs, an LNK file can specify an icon to display, and that icon reference can be leveraged for NetNTLM hash harvesting. LNK files can also reference executables (e.g. PowerShell.exe), allowing them to download and execute malware.
OS:
Windows
Recommendation:
Apply the “DisableThumbnailsOnNetworkFolders” and “DisableThumbnails” group policy settings.
Set "Allow the use of remote paths in file shortcut icons" to 0 in Group Policy.
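Added example (not part of the original entry): a triage check that reads the string fields of an LNK file and reports an icon location that points off-host, the condition the description ties to NetNTLM hash harvesting. The function names, the fixture builder and the host fileserver.example are constructed for illustration; the field layout follows the MS-SHLLINK format.

```python
import struct

# LinkFlags bits from the MS-SHLLINK ShellLinkHeader
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

def parse_lnk_strings(data):
    """Return the StringData fields of a shell link as a dict."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 20)[0]
    off = 76                                   # fixed header size
    try:
        if flags & HAS_IDLIST:                 # 2-byte size, then the ID list
            off += 2 + struct.unpack_from("<H", data, off)[0]
        if flags & HAS_LINKINFO:               # 4-byte size that includes itself
            off += struct.unpack_from("<I", data, off)[0]
        width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
        fields = {}
        for bit, name in STRING_FIELDS:        # fields appear in this fixed order
            if flags & bit:
                size = struct.unpack_from("<H", data, off)[0] * width
                if off + 2 + size > len(data):
                    raise ValueError("truncated shell link")
                fields[name] = data[off + 2:off + 2 + size].decode(codec, "replace")
                off += 2 + size
    except struct.error:
        raise ValueError("truncated shell link") from None
    return fields

def remote_icon(data):
    """Return the icon path if it points off-host (UNC or URL), else None."""
    icon = parse_lnk_strings(data).get("icon_location", "")
    low = icon.lower()
    device = low.startswith(("\\\\?\\", "\\\\.\\")) and not low.startswith("\\\\?\\unc\\")
    if (icon.startswith("\\\\") and not device) or low.startswith(("http://", "https://")):
        return icon
    return None

def build_sample(icon, args=""):
    """Constructed test fixture: header plus arguments and icon strings only."""
    flags = IS_UNICODE | 0x40 | (0x20 if args else 0)
    header = b"\x4c\x00\x00\x00" + LINK_CLSID + struct.pack("<I", flags) + bytes(52)
    strings = [args, icon] if args else [icon]
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in strings)
    return header + body
```

The check covers only the ICON_LOCATION string; an icon path stored in the IconEnvironmentDataBlock of the extra data section is not inspected here.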