Malicious PDF — malware analysis report

Static analysis result for SHA-256 2ec2d981739e4d4e…

Verdict: MALICIOUS
File type: PDF
Size: 50.6 KB
Created: 2021-02-02 09:24:20 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-25
MD5: 7393eacf900e043dc02937f2242e191f
SHA-1: 86961249d0ee4fcf54c5671f3aed506c94e0467c
SHA-256: 2ec2d981739e4d4e58c0c94a9de137a58e05c34190f12117cccc627f83861eb8
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8343

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://bologen.ru/aws?utm_term=endless+frontier+core+guide+2018 (PDF link annotation)
    • http://fagemolorano.iblogger.org/bed_bug_eggs_on_sheet.pdf (in PDF document text)
    • https://static.s123-cdn-static.com/uploads/4504568/normal_6004b21cbfd60.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4406812/normal_5fdb9c7aa3767.pdf (in PDF document text)
    • http://tusuvopub.22web.org/obligations_and_contracts_jurado.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4393763/normal_60170b620a8e5.pdf (in PDF document text)
    • https://cdn-cms.f-static.net/uploads/4366347/normal_6018f2d7e0520.pdf (in PDF document text)
    • http://nisogifamesada.epizy.com/ana_anticuerpos_antinucleares.pdf (in PDF document text)
    • http://mokuzamiwebifet.epizy.com/lofofor.pdf (in PDF document text)
    • https://s3.amazonaws.com/wupixufekijax/anydesk_for_mac_os_10._9._5.pdf (in PDF document text)
    • https://s3.amazonaws.com/tumasun/nesegokigorarizawum.pdf (in PDF document text)
    • http://poravilotizeve.epizy.com/precision_sheet_metal_works_bangalore.pdf (in PDF document text)
    • http://lenepozomewu.epizy.com/96264584377.pdf (in PDF document text)
    • http://ruxurosagogaru.epizy.com/84309981735.pdf (in PDF document text)
    • https://s3.amazonaws.com/vigevot/63949236473.pdf (in PDF document text)
    • https://s3.amazonaws.com/zumezeviwakiz/relaw.pdf (in PDF document text)
    • http://vevisadoko.epizy.com/rexemovulepik.pdf (in PDF document text)
    • http://fiwofitobuz.rf.gd/l2r_your_guide.pdf (in PDF document text)
    • https://s3.amazonaws.com/napejaxosinages/30712481106.pdf (in PDF document text)
    • https://s3.amazonaws.com/mekonulegipero/free_annual_credit_report_com_gov.pdf (in PDF document text)
    • http://lirufuti.epizy.com/96430121936.pdf (in PDF document text)
    • https://s3.amazonaws.com/muvazi/95079023806.pdf (in PDF document text)
    • https://s3.amazonaws.com/pujinit/east_gippsland_television_guide.pdf (in PDF document text)