MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6abe8ac677b13bde8953a47d54e874a6256049236dd39cc46bb39632efb8bf67. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6abe8ac677b13bde8953a47d54e874a6256049236dd39cc46bb39632efb8bf67
SHA3-384 hash: f4fd553ab527dec5c3f359bd68aaaaadab0634f50fbb6820b02ed21d4ac990584c2a505446e58e80ba91d29df742c57b
SHA1 hash: eaa21985c3ca14f114bfd21c9939e631da882e08
MD5 hash: 422bf81af2f0e461ede2020648217e16
humanhash: robin-july-sixteen-whiskey
File name:GSR_Requirements.pdf.lnk
Download: download sample
File size:2'652 bytes
First seen:2025-12-30 06:42:49 UTC
Last seen:2025-12-30 18:32:50 UTC
File type:Shortcut (lnk) lnk
MIME type:application/x-ms-shortcut
ssdeep 48:8NxPNN9tq1mAxWRrZDd0tEd27XuHQ1zdKvmTzT:8PNE8T2G4uih24
TLSH T19B51F12A0BE60B36E7F64270A8F3AA965637B986F4118F19508413841872628C8A5F7B
Magika lnk
Reporter __0XYC__
Tags:lnk nexnxky-info

Intelligence

File Origin
# of uploads :
2
# of downloads :
63
Origin country :
CH CH
Vendor Threat Intelligence
Malware configuration found for:
LNK
Details
LNK
a command line and any observed urls
Link:
https://research.acce.ciphertechsolutions.com/results/fc5aa5ea-d0f2-4a83-a1d4-0a66eeecd394/
Detection(s):
TwinWave.EvilLNK.OddLook.202207213.UNOFFICIAL
Create hunting rule

TwinWave.EvilLNK.OddLook.20221214.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
90.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6953748e7d915bf1778edffb
Tags:
infosteal
Result
Verdict:
Suspicious
File Type:
LNK File
Link:
https://app.docguard.net/6abe8ac677b13bde8953a47d54e874a6256049236dd39cc46bb39632efb8bf67/results/dashboard
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
lolbin masquerade msbuild
Link:
https://www.filescan.io/uploads/69537484127d6a14e0c7cf44/reports/db64ef96-73ac-4f76-97c8-843cb558ce75/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/6abe8ac677b13bde8953a47d54e874a6256049236dd39cc46bb39632efb8bf67
Verdict:
Clean
File Type:
lnk
First seen:
2025-12-30T04:02:00Z UTC
Last seen:
2025-12-30T04:13:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/6abe8ac677b13bde8953a47d54e874a6256049236dd39cc46bb39632efb8bf67/results?tab=lookup
Verdict:
inconclusive
YARA:
2 match(es)
Tags:
LNK
Link:
https://app.malva.re/file/422bf81af2f0e461ede2020648217e16
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6abe8ac677b13bde8953a47d54e874a6256049236dd39cc46bb39632efb8bf67/
Verdict:
Clean
Link:
https://tip.neiki.dev/file/6abe8ac677b13bde8953a47d54e874a6256049236dd39cc46bb39632efb8bf67
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nk7ivrtxwe555cktur6vj2duuyswasjdnxjzzrdlwoldf35yx5tq._file
Gathering data
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/6abe8ac677b13bde8953a47d54e874a6256049236dd39cc46bb39632efb8bf67

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Long_RelativePath_LNK
Create hunting rule
Author:@bartblaze
Description:Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path.
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:PDF_in_LNK
Create hunting rule
Author:@bartblaze
Description:Identifies Adobe Acrobat artefacts in shortcut (LNK) files. A PDF document is typically used as decoy in a malicious LNK.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://x.com/__0XYC__/status/2005891200453136414?s=20

Comments