Malicious PDF — malware analysis report

Static analysis result for SHA-256 20aa39afd2de24ad…

Verdict: MALICIOUS
File type: PDF
Size: 61.1 KB
Created: 2021-04-30 10:24:52 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 6737d77cf07b4ac8457dbe4b4258a9f0
SHA-1: 23a67386c0a35ac94545a675753eb2a3f5eeda8f
SHA-256: 20aa39afd2de24ad102cca4e4dd2d5179368e2bed9f239f45856d7e773533226
Risk score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF that contains embedded URLs, one of which is flagged as potentially malicious. ClamAV detection and ML classification indicate malicious intent, specifically identified as a phishing trojan. The document body, though heavily obfuscated, suggests a lure related to a 'Destiny 2 hunter build guide', indicating a social engineering tactic to encourage download and opening of the malicious PDF.

Machine Learning

  • Nyx PDF Classifier: malicious score 0.7320

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.