MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e879dd65f29a3785e37e1cc4c5dfe66e61c71e7304fc9d4fd1cf70fd660fce7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MustangPanda

Vendor detections: 12

Intelligence 12 IOCs YARA 6 File information Comments

SHA256 hash:	2e879dd65f29a3785e37e1cc4c5dfe66e61c71e7304fc9d4fd1cf70fd660fce7
SHA3-384 hash:	ed15ce536e769eed53856e169c9e1a200cebcf03e77a42df440225104f1d8428951072790dfd33ed2b982cbfbc412b2c
SHA1 hash:	1dd1a423b4bf5c2bad0953873088b2aa5c9a53f8
MD5 hash:	b791c416988d068a3e548a0f21cd3518
humanhash:	freddie-sodium-autumn-purple
File name:	MNE_Readout_Alice_Rufo_Briefing_Ankara_Summit_22Jun2026.lnk
Download:	download sample
Signature	MustangPanda Create hunting rule
File size:	2'195 bytes
First seen:	2026-06-23 12:38:21 UTC
Last seen:	Never
File type:	lnk
MIME type:	application/x-ms-shortcut
ssdeep	48:8CvXFLa7iiHqpfVp2i8upIm+9Ih5VkEKp/NbYArIV2:8CvXFlWqzUrumO5VkEKpRPre
TLSH	T1D6416C0526F91711F3F35E36DDBBA2A1893A7ACAE5B5875D308C514A47A02049D17F33
Magika	lnk
Reporter	smica83
Tags:	apt lnk MustangPanda

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

LNK

Details

Link:

https://research.acce.ciphertechsolutions.com/results/53ac8e96-cae6-4197-a0d8-78e1355beaa4/

Detection(s):

Sanesecurity.Malware.27118.LnkHeur.UNOFFICIAL

MiscreantPunch.INFO.LNK.CMDPSHELL.UNOFFICIAL

TwinWave.EvilLNK.OddLook.202207213.UNOFFICIAL

Verdict:

Malicious

Score:

90.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a3a7e4f1548daf709f9238e

Tags:

infosteal xtreme shell sage

Result

Verdict:

Malicious

File Type:

LNK File - Malicious

Link:

https://app.docguard.net/2e879dd65f29a3785e37e1cc4c5dfe66e61c71e7304fc9d4fd1cf70fd660fce7/results/dashboard

Behaviour

BlacklistAPI detected

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

cmd evasive lolbin masquerade powershell smb

Link:

https://www.filescan.io/uploads/6a3a7e491d76d9ec961417e7/reports/5fbbf1c2-4905-4791-9c2b-72b5d8dfc8e3/overview

Verdict:

Malicious

Labled as:

Trojan/LNK.Agent

Link:

https://www.hybrid-analysis.com/sample/2e879dd65f29a3785e37e1cc4c5dfe66e61c71e7304fc9d4fd1cf70fd660fce7

Verdict:

Malicious

File Type:

lnk

First seen:

2026-06-23T09:48:00Z UTC

Last seen:

2026-06-25T06:43:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan.WinLNK.Agent.gen

Link:

https://opentip.kaspersky.com/2e879dd65f29a3785e37e1cc4c5dfe66e61c71e7304fc9d4fd1cf70fd660fce7/results?tab=lookup

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/1932562

Signature

Antivirus / Scanner detection for submitted sample

Joe Sandbox ML detected suspicious sample

Multi AV Scanner detection for submitted file

Obfuscated command line found

Windows shortcut file (LNK) starts blacklisted processes

Behaviour

Behavior Graph:

Download SVG

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2e879dd65f29a3785e37e1cc4c5dfe66e61c71e7304fc9d4fd1cf70fd660fce7/

Verdict:

Malicious

Threat:

Trojan.WinLNK.Agent

Link:

https://tip.neiki.dev/file/2e879dd65f29a3785e37e1cc4c5dfe66e61c71e7304fc9d4fd1cf70fd660fce7

Threat name:

Shortcut.Trojan.Ravartar

Status:

Malicious

First seen:

2026-06-23 12:41:50 UTC

File Type:

Binary

Extracted files:

AV detection:

15 of 24 (62.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=f2dz3vs7fgrxqxrx4hgeyxp6m3tby4phgbh4tvh5dt3q7vta7ttq._file

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/260623-pvbq6scy4m/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Checks computer location settings

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/2e879dd65f29a3785e37e1cc4c5dfe66e61c71e7304fc9d4fd1cf70fd660fce7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Archive_in_LNK Create hunting rule
Author:	@bartblaze
Description:	Identifies archive (compressed) files in shortcut (LNK) files.

Rule name:	Execution_in_LNK Create hunting rule
Author:	@bartblaze
Description:	Identifies execution artefacts in shortcut (LNK) files.

Rule name:	LNK_sospechosos Create hunting rule
Author:	Germán Fernández
Description:	Detecta archivos .lnk sospechosos

Rule name:	Long_RelativePath_LNK Create hunting rule
Author:	@bartblaze
Description:	Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path.

Rule name:	PDF_in_LNK Create hunting rule
Author:	@bartblaze
Description:	Identifies Adobe Acrobat artefacts in shortcut (LNK) files. A PDF document is typically used as decoy in a malicious LNK.

Rule name:	SUSP_LNK_CMD Create hunting rule
Author:	SECUINFRA Falcon Team
Description:	Detects the reference to cmd.exe inside an lnk file, which is suspicious

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample