MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a16a08151ad1e698f53d70d36c0e5dafd9c2bbc3bd2710e5904f54b91aae128. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 12


Intelligence 12 IOCs YARA 5 File information Comments 1

SHA256 hash: 1a16a08151ad1e698f53d70d36c0e5dafd9c2bbc3bd2710e5904f54b91aae128
SHA3-384 hash: f434f4306b8f71dab4211320dc8964e977f5c462d2b61d1d8db09e1281622bfdcaffe08ce5c52359293378db783923e8
SHA1 hash: 43c4811b6c97191f358de49f2b639fcb547b145e
MD5 hash: bc2b214604bbb67b930e86de641d50fa
humanhash: oranges-south-hydrogen-bakerloo
File name:grok.txt.lnk
Download: download sample
File size:1'072 bytes
First seen:2026-06-20 20:04:20 UTC
Last seen:Never
File type:Shortcut (lnk) lnk
MIME type:application/x-ms-shortcut
ssdeep 24:87WJd67orApx+/FqH3hWkzZpS+/WrabS8c:8OS5QqxW+pSja2v
TLSH T1F511C0041E6A0328E3F2CD3B849BA32187327806FA328F1A01D186CC6858641FC25F2F
Magika lnk
Reporter smica83
Tags:lnk

Intelligence


File Origin
# of uploads :
1
# of downloads :
90
Origin country :
HU HU
Vendor Threat Intelligence
Verdict:
Malicious
Score:
90.9%
Tags:
virus overt sage
Result
Verdict:
Malicious
File Type:
LNK File - Malicious
Payload URLs
URL
File name
https://2xx2.org/leaks/a
LNK File
Behaviour
BlacklistAPI detected
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
cmd lolbin masquerade
Verdict:
Malicious
File Type:
lnk
First seen:
2026-06-15T13:48:00Z UTC
Last seen:
2026-06-22T11:48:00Z UTC
Hits:
~100
Detections:
Trojan.WinLNK.Agent.sb HEUR:Trojan.WinLNK.Agent.gen Trojan-Downloader.WinLNK.Agent.sb PDM:Trojan.Win32.Generic HEUR:Trojan.Multi.GenBadur.genw
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
64 / 100
Signature
Multi AV Scanner detection for submitted file
Uses an obfuscated file name to hide its real file extension (double extension)
Windows shortcut file (LNK) contains suspicious command line arguments
Windows shortcut file (LNK) starts blacklisted processes
Behaviour
Behavior Graph:
Verdict:
Malware
YARA:
2 match(es)
Tags:
Execution: CMD in LNK LNK LOLBin LOLBin:cmd.exe Malicious T1059.003 T1202: Indirect Command Execution T1204.002
Threat name:
Shortcut.Trojan.Generic
Status:
Suspicious
First seen:
2026-06-19 03:21:00 UTC
AV detection:
7 of 24 (29.17%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Download_in_LNK
Author:@bartblaze
Description:Identifies download artefacts in shortcut (LNK) files.
Rule name:Execution_in_LNK
Author:@bartblaze
Description:Identifies execution artefacts in shortcut (LNK) files.
Rule name:LNK_sospechosos
Author:Germán Fernández
Description:Detecta archivos .lnk sospechosos
Rule name:Script_in_LNK
Author:@bartblaze
Description:Identifies scripting artefacts in shortcut (LNK) files.
Rule name:SUSP_LNK_CMD
Author:SECUINFRA Falcon Team
Description:Detects the reference to cmd.exe inside an lnk file, which is suspicious

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments



Avatar
commented on 2026-06-23 12:19:22 UTC

Payload URL:
https://2xx2.org/leaks/