Malicious PDF — malware analysis report

Static analysis result for SHA-256 52f346e0a5f0614b…

Verdict: MALICIOUS
File type: PDF
Size: 296.9 KB
Created: 2023-10-18 05:53:17 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
MD5: fe96be00268a054eda2c58e33c399670
SHA-1: 0be4933831c672d534becc6f8841f6e3d0bd2c6a
SHA-256: 52f346e0a5f0614b86c4d12138aaea3b62894675a2a91e876dcf320ff1e3ac9b
Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The file was identified as malicious by ClamAV with the signature Pdf.Phishing.Trojan. A PDF URI heuristic fired, indicating the presence of an external URL within the document. This URL, https://lasepovebuf.femato.co.za/..., is likely used to host a phishing page or deliver a secondary payload.

Heuristics (2)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
    URL: https://lasepovebuf.femato.co.za/8359603150975660460901?fezojobigakixosonexujaxalojurolurudemogakujopiwuxenibavasinomoluxobafukozefelosazanunutoj=xoxolepamerizejebexisavelomumubojivamuniwuvosedazidujamemunigizekudepubuxanuluxujununobuxamesedulafojukodifomotuzigozuzagojonozaxazipodijorepasixozubixevenibosigugomidagoxivivijojufatiduwafagenenipejugivumis&utm_kwd=administracion+de+medicamentos+por+via+topica+ventajas+y+desventajas&tedarubezatunuxebixulibenonegojopejafuz=bokikofesowivobipisanazewamim

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename                      | Kind            | Source                                     | Size
font_00_sfnt_off00044c58.bin  | pdf-font-stream | PDF embedded font (sfnt) at offset 0x44C58 | 18384 bytes
  SHA-256: e889a12ea6c7163356b70c9cd7d9ff3cdd9ca8a5723b92839e60f0a3604966f7
font_01_sfnt_off00047b1e.bin  | pdf-font-stream | PDF embedded font (sfnt) at offset 0x47B1E | 10920 bytes
  SHA-256: 36e4f9a25306cd54c586d3abe61661ca3e703399a0e6f6048ea994d6cba3f65e