Malicious PDF — malware analysis report

Static analysis result for SHA-256 3696486e876b4d60…

Verdict: MALICIOUS
File type: PDF
Size: 16.0 KB
Created: 2020-11-09 16:07:57 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: aad59527299029ffde1648edf6f1411a
SHA-1: d560f4bce6be1ea15414ddebbd7095c70a105dfc
SHA-256: 3696486e876b4d6051f40a20e7b2656dc00c807e92dc757e8d3ef4970fd87ecd
Risk Score: 112

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF is identified as an image-only document designed as a lure, typical of phishing attacks. It contains a malicious redirector link pointing to 'https://cctraff.ru/strik?keyword=quadratic+function+equation+pdf', which is flagged as known malicious infrastructure. The ML classifier also strongly indicates maliciousness.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9981

Heuristics (3)

  • PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • Image-only document with action trigger (screenshot lure) [medium] PDF_IMAGE_LURE
    PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 16 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://cctraff.ru/strik?keyword=quadratic+function+equation+pdf