Malicious PDF — malware analysis report

Static analysis result for SHA-256 266caf24c6426cb4…

MALICIOUS

PDF

56.4 KB
MD5: c79e8b4bddf261c4036ba4cf174a8db4 SHA-1: fed8594ad927cbe8ed7e3bf35f9049089bb5f552 SHA-256: 266caf24c6426cb4964f009bea519dc8ea4534298f285dc65a0c7124a186cb88
Risk score: 82

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment (the PDF itself); T1566.002 Phishing: Spearphishing Link (the URL action embedded in it)
  • T1059.001 Command and Scripting Interpreter: PowerShell

The critical ClamAV signature (Pdf.Dropper.Agent-7240911-0) classifies this PDF as a dropper. The 'Cloud document impersonation lure' heuristic identifies the social-engineering pretext: the document poses as a file shared from a cloud storage service and urges the recipient to open or verify it, which in practice means clicking the embedded link. The external URL action in the PDF is that link, and the extracted URL is the likely delivery point for a secondary payload. Because this is a static result, the link was not followed: what it serves, and the PowerShell stage implied by the T1059.001 mapping, are not confirmed by content in this sample. No embedded scripts were extracted from the file, so the risk sits in the link rather than in document-level code execution. Triage should start from the extracted URL (pivot on it in mail and proxy logs) and treat the hashes above as attachment IOCs.

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7240911-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7240911-0
  • Cloud document impersonation lure (medium, SE_CLOUD_DOC_LURE)
    Document impersonates a cloud file-sharing service such as SharePoint, OneDrive, Google Drive, Dropbox, Box, or Microsoft 365 and asks the user to open, verify, or access a shared document
  • External URI (info, PDF_URI)
    PDF contains an external URL action
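The last two heuristics are structural and can be reproduced offline. The following is an added example (not the analysis platform's code) that triages a PDF for the same two signals: a /URI action anywhere in the file body or its inflated streams, and lure wording that names a cloud file-sharing service next to a call to action. It also checks for embedded JavaScript, since the report notes that no scripts were extracted. The sample PDFs are constructed inside the block, the lure vocabulary and the example.invalid URL are assumptions, and the flag names mirror the report's identifiers for readability.

```python
"""Static triage of a PDF for an external /URI action and a cloud-document lure.

Added example, not the analysis platform's code. Regex over raw bytes plus zlib
for FlateDecode streams is enough for a triage pass; it does not handle object
streams, other filters, name obfuscation such as /J#53, or text drawn as images.
"""
from __future__ import annotations

import re
import zlib

# Assumed lure vocabulary, taken from the heuristic's description; tune per tenant.
CLOUD_SERVICES = ("sharepoint", "onedrive", "google drive", "dropbox", "box", "microsoft 365")
LURE_VERBS = ("open", "verify", "access", "review", "shared document", "shared file")

# PDF string operands: literal (...) with backslash escapes, or hex <...>.
_LITERAL = rb"\(((?:\\.|[^\\)])*)\)"
_HEX = rb"<([0-9A-Fa-f\s]*)>"
_JS = rb"/(JS|JavaScript)\b"


def _unescape(raw: bytes) -> str:
    """Strip the backslash from escaped delimiters; \\n and octal escapes are left as-is."""
    return re.sub(rb"\\(.)", rb"\1", raw, flags=re.S).decode("latin-1")


def _decode_streams(pdf: bytes) -> list[bytes]:
    """Return every stream body, sized by a direct /Length where present and
    inflated when the owning dictionary names /FlateDecode."""
    bodies = []
    for m in re.finditer(rb"(?<!end)stream\r?\n", pdf):
        obj_start = pdf.rfind(b" obj", 0, m.start())
        dictionary = pdf[obj_start:m.start()] if obj_start >= 0 else b""
        length = re.search(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)", dictionary)
        if length:  # direct length: take exactly that many bytes
            data = pdf[m.end():m.end() + int(length.group(1))]
        else:  # indirect or missing length: scan to the keyword instead
            end = pdf.find(b"endstream", m.end())
            data = pdf[m.end():end if end >= 0 else len(pdf)].rstrip(b"\r\n")
        if b"/FlateDecode" in dictionary:
            try:
                data = zlib.decompress(data)
            except zlib.error:
                pass  # truncated or deliberately malformed stream: keep raw bytes
        bodies.append(data)
    return bodies


def extract_uri_actions(pdf: bytes) -> list[str]:
    """Collect the target of every /URI action. The key appears twice in an action
    dictionary ('/S /URI' is the type, '/URI (...)' the target); only the one
    followed by a string operand is a target."""
    targets: list[str] = []
    pattern = rb"/URI\s*(?:" + _LITERAL + rb"|" + _HEX + rb")"
    for blob in [pdf, *_decode_streams(pdf)]:
        for m in re.finditer(pattern, blob, re.S):
            if m.group(1) is not None:
                target = _unescape(m.group(1))
            else:  # hex string; an odd digit count is padded with 0 per the PDF spec
                digits = re.sub(rb"\s", b"", m.group(2)).decode("ascii")
                target = bytes.fromhex(digits + "0" * (len(digits) % 2)).decode("latin-1")
            if target not in targets:
                targets.append(target)
    return targets


def extract_text(pdf: bytes) -> str:
    """Join the string operands of Tj/TJ text-show operators from all content streams."""
    pieces = []
    for body in _decode_streams(pdf):
        for m in re.finditer(_LITERAL + rb"\s*Tj\b", body, re.S):
            pieces.append(_unescape(m.group(1)))
        for m in re.finditer(rb"\[(.*?)\]\s*TJ\b", body, re.S):
            pieces.append("".join(_unescape(s.group(1)) for s in re.finditer(_LITERAL, m.group(1), re.S)))
    return " ".join(pieces)


def cloud_lure_terms(text: str) -> list[str]:
    """A lure needs both a named cloud service and a call to action. Whole-word
    matching keeps 'box' from firing on 'inbox' or 'checkbox'."""
    lowered = text.lower()

    def hit(term: str) -> bool:
        return re.search(r"\b" + re.escape(term) + r"\b", lowered) is not None

    services = [s for s in CLOUD_SERVICES if hit(s)]
    verbs = [v for v in LURE_VERBS if hit(v)]
    return services + verbs if services and verbs else []


def triage(pdf: bytes) -> dict:
    """Reproduce the PDF_URI and SE_CLOUD_DOC_LURE heuristics plus a script check."""
    uris = extract_uri_actions(pdf)
    lure = cloud_lure_terms(extract_text(pdf))
    has_js = any(re.search(_JS, blob) for blob in [pdf, *_decode_streams(pdf)])
    flags = [name for name, on in (("PDF_URI", uris), ("SE_CLOUD_DOC_LURE", lure), ("PDF_JAVASCRIPT", has_js)) if on]
    return {"uris": uris, "lure_terms": lure, "javascript": has_js, "flags": flags}


def build_sample_pdf(page_text: str, uri: str | None = None) -> bytes:
    """Constructed input for the demo (not the report's sample): one page, a FlateDecode
    content stream drawing page_text and, if uri is given, a link annotation with an
    external URI action. No xref table is emitted; the triage above never needs one."""
    def lit(s: str) -> bytes:
        return s.replace("\\", "\\\\").replace("(", "\\(").replace(")", "\\)").encode("latin-1")

    content = zlib.compress(b"BT /F1 12 Tf 72 700 Td (" + lit(page_text) + b") Tj ET")
    page = b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R"
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        page + (b" /Annots [5 0 R] >>" if uri is not None else b" >>"),
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(content) + content + b"\nendstream",
    ]
    if uri is not None:
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [72 680 300 710] /A << /S /URI /URI (" + lit(uri) + b") >> >>")
    out = b"%PDF-1.4\n"
    for num, body in enumerate(objs, 1):
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    return out + b"%%EOF\n"


# Constructed samples: a cloud-share lure with an external link, and a benign page.
LURE_SAMPLE = build_sample_pdf("Open the shared document in OneDrive to verify your access",
                               "https://example.invalid/onedrive/shared-doc")
BENIGN_SAMPLE = build_sample_pdf("Quarterly sales figures, Q3")

if __name__ == "__main__":
    for name, sample in (("lure", LURE_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, triage(sample))
```

Run against the two constructed files, the lure sample raises PDF_URI and SE_CLOUD_DOC_LURE and the benign one raises nothing. The extracted URL is the pivot for mail and proxy logs; static extraction alone does not say what it serves, which is the same limit the report's narrative has.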