Urelas: Leveraging alternate data streams in LNK files
Tags
| country: | Thailand United States Of America |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Scheduled Task - T1053.005 Powershell - T1086 Scheduled Task - T1053 |
Common Information
| Type | Value |
|---|---|
| UUID | 44eb9575-6454-487a-adbc-24a61ff69e6c |
| Fingerprint | 14229c5343ba0a99 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Nov. 28, 2024, 2:06 a.m. |
| Added to db | Nov. 28, 2024, 3:32 a.m. |
| Last updated | Dec. 23, 2024, 11:19 a.m. |
| Headline | Urelas: Leveraging alternate data streams in LNK files |
| Title | Urelas: Leveraging alternate data streams in LNK files |
| Detected Hints/Tags/Attributes | 44/3/32 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 171 | ✔ | Malware on Medium | https://medium.com/feed/tag/malware | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 37 | lolbas-project.github.io |
|
| Details | Domain | 2 | steamdb.info |
|
| Details | File | 2 | กา.pdf |
|
| Details | File | 26 | esentutl.exe |
|
| Details | File | 2335 | cmd.exe |
|
| Details | File | 1 | aaa.pdf |
|
| Details | File | 3 | devicecredentialdeployment.exe |
|
| Details | File | 3 | องทางอาญา.docx |
|
| Details | File | 1 | c:\users\public\file.exe |
|
| Details | File | 61 | file.exe |
|
| Details | File | 5 | idrinit.exe |
|
| Details | File | 1 | itopdatarecovery.exe |
|
| Details | File | 10 | main.ini |
|
| Details | File | 2 | steamdb.inf |
|
| Details | File | 5 | productstatistics3.dll |
|
| Details | File | 3 | studio.exe |
|
| Details | File | 1 | huter.exe |
|
| Details | File | 1 | sanfdr.bat |
|
| Details | File | 1 | c:\users\username\desktop\studio.exe |
|
| Details | File | 1 | c:\users\username\appdata\local\temp\sanfdr.bat |
|
| Details | File | 6 | v3lite.exe |
|
| Details | File | 2 | aylaunch.exe |
|
| Details | File | 1 | naveragent.exe |
|
| Details | File | 1 | hanuninstall.exe |
|
| Details | File | 1 | pmlauncher.exe |
|
| Details | File | 1 | netmarbleendweb.exe |
|
| Details | IPv4 | 2 | 122.155.28.155 |
|
| Details | IPv4 | 2 | 154.90.47.77 |
|
| Details | IPv4 | 1 | 112.175.88.207 |
|
| Details | Url | 2 | https://lolbas-project.github.io/lolbas/binaries/esentutl |
|
| Details | Url | 1 | https://steamdb.info/depot/2620311 |
|
| Details | Url | 1 | https://steamdb.info/publisher/orange |