PDF static analysis report

Static analysis result for SHA-256 2931c7afa7c5b68a…

SUSPICIOUS

PDF

Size: 169.6 KB
Created: 2020-11-06 02:11:24 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-10-07
MD5: 631de8bd24af9f95cc5d7571e06ca64f
SHA-1: 5f76ac9213a77e437a1f6735e7d01036181e4125
SHA-256: 2931c7afa7c5b68a8c52ae67f39ca96d724a2e440a5a3dfc7947005777406d17
Risk Score: 34

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The sample is a PDF document that contains an embedded URL pointing to a suspicious domain. The ML classifier flagged this PDF as malicious with a high confidence score. The embedded URL is likely intended to redirect the user to a malicious site for further exploitation or phishing.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9929

Heuristics 2

  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://trafftec.ru/aws?keyword=region+14+esc+abilene PDF link annotation