Malicious PDF — malware analysis report

Static analysis result for SHA-256 53be8e6d7a278995…

Verdict: MALICIOUS

File type: PDF

Size: 2.55 MB
Created: 2018-05-15 13:02:10 +05:30
Authoring application: Microsoft® PowerPoint® 2013
MD5: 5eb7f28b0b17d02609ad4fa55f35b890
SHA-1: c6dd41089d7d51af09cb63d40ad70dc79c25e31f
SHA-256: 53be8e6d7a2789955ecf1672b211d95384c38e5178f3702e12f34e858a764faf
Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The primary heuristic, SE_ADVANCE_FEE_SCAM_LURE, strongly indicates a social engineering attack designed to defraud the user. While the document body is heavily obfuscated, the heuristic suggests the content is crafted to mimic a lottery or prize notification, requiring the user to pay fees or provide information to receive the supposed winnings. The presence of external URIs, even if some are confirmed benign, is typical for phishing documents that may link to further malicious content or host the lure itself.

Heuristics (4)

  • Advance-fee lottery/parcel scam lure [high] SE_ADVANCE_FEE_SCAM_LURE
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
  • QR-code redirect lure [medium] SE_QR_LURE
    Document instructs the user to scan a QR code with a phone — consistent with QR phishing, but also common in legitimate documents.
  • External URI [info] PDF_URI
    PDF contains an external URL action.
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: stream_117_off00109308.bin
SHA-256: d6de9741595d389dcccad93679fc471f304ab01a3938778384d460a1081816ab
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x109308
Size: 27800 bytes