Malicious PDF — malware analysis report

Static analysis result for SHA-256 26c6a187500051d9…

MALICIOUS

PDF

Size: 47.3 KB
Created: 2021-02-13 14:03:28 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-10-14
MD5: e9ef707effd27f37a6810271e4e92862
SHA-1: 25dc601dc0542d5f0b64850aca0d642439732c49
SHA-256: 26c6a187500051d9b1233d96bf681251f7a11abda27f442aae3a2c5221669565
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF that contains an embedded URI pointing to a suspicious domain, and it was flagged by a machine learning classifier and ClamAV as malicious. The document body, though heavily obfuscated, suggests a lure related to 'Sacs software manual pdf'. The presence of external URIs indicates an attempt to redirect the user to malicious content, likely for phishing or malware distribution.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6391

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://seumenha.ru/123?utm_term=sacs+software+manual+pdf (PDF link annotation)
    • https://cdn.sqhk.co/pemejurove/fn3jihf/angry_birds_2_tips_2019.pdf (in PDF document text)
    • https://cdn.sqhk.co/fabozesemi/cOlV3he/tvet_policy_and_strategy_in_ethiopia.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4443354/normal_5feea473c99c2.pdf (in PDF document text)
    • http://hurleyshamburgers.com/the_nightshift_before_christmas14l9b.pdf (in PDF document text)
    • https://cdn.sqhk.co/gasukatebu/hXJ9aFG/ragdoll_super_push.pdf (in PDF document text)
    • https://cdn.sqhk.co/tojofelekob/jjih0i9/apple_music_download_windows.pdf (in PDF document text)
    • http://crysety.xyz/61680850040wrxvg.pdf (in PDF document text)
    • https://cdn.sqhk.co/lepavenujal/bhaThfo/xejaturazudefezatimenop.pdf (in PDF document text)
    • https://cdn.sqhk.co/nozesinipi/aPhjgdq/flying_gorilla_cheesecake_factory_recipe.pdf (in PDF document text)
    • https://cdn.sqhk.co/wanevakaxuma/bmiiBZi/19613145156.pdf (in PDF document text)
    • https://s3.amazonaws.com/gavapozalilup/67773180695.pdf (in PDF document text)
    • https://s3.amazonaws.com/kosamupim/16045337133.pdf (in PDF document text)