MALICIOUS
Risk Score: 62
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
The ClamAV heuristic 'Pdf.Phishing.TtraffRobotInstall-7605656-0' indicates a phishing attempt. The document body references 'Kayla itsines 28 day healthy eating pdf' and includes multiple URLs pointing to PDF files, suggesting a lure to download malicious content. One of the embedded URIs directly points to a suspicious PDF hosted on 'bernardobellostudio.com'.
Heuristics 3
- ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00001093.bin (0b403606836815dca9abdcedf9494167c02da076147c559eff106d4d6d34b28b) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1093 | 8360 bytes |
| font_01_sfnt_off00004962.bin (448c4d4550ed59c7e8e80b6d66b986666620351883d23913e38401b861762e5b) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4962 | 16368 bytes |