SYMBOLCOMMON_NAMEaka. SYNONYMS
win.venom_lnk (Back to overview)

VenomLNK


VenomLNK is the initial phase of the more_eggs malware-as-a-service. It is a poisoned .lnk file that depends on User Execution and points to LOLBINs (often cmd.exe) with additional obfuscated scripting options. This typically initiates WMI abuse and TerraLoader, which can load additional functionality through various plugins.

References
2023-01-24eSentireJoe Stewart, Keegan Keplinger
Unmasking Venom Spider
More_eggs TerraPreter TerraLoader VenomLNK
2022-04-21eSentireeSentire Threat Response Unit (TRU)
Hackers Spearphish Corporate Hiring Managers with Poisoned Resumes, Infecting Them with the More_Eggs Malware, Warns eSentire
More_eggs TerraLoader VenomLNK
2021-04-05eSentireeSentire
Hackers Spearphish Professionals on LinkedIn with Fake Job Offers, Infecting them with Malware, Warns eSentire
More_eggs TerraPreter TerraLoader VenomLNK
2020-07-20QuoIntelligence
Golden Chickens: Evolution Oof the MaaS
More_eggs TerraLoader TerraStealer VenomLNK
2020-01-27QuoScientQuoScient
The Chicken Keeps Laying New Eggs: Uncovering New GC MaaS Tools Used By Top-tier Threat Actors
TerraRecon TerraStealer TerraTV VenomLNK

There is no Yara-Signature yet.