Malicious PDF — malware analysis report

Static analysis result for SHA-256 70c83c1bc530fa3d…

MALICIOUS

PDF

61.2 KB Created: 2021-04-05 20:39:03 +07:00 Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7) First seen: 2021-11-24
MD5: 852fe4efea323ecec1553dba3698c904 SHA-1: 492fde2625cc25788f268eee437e0e6710a16ba5 SHA-256: 70c83c1bc530fa3d7c269fce72969204d59fb1d6551348ef54030ecb8234133c
82 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment T1204.002 Malicious Link

The PDF document contains a lure impersonating Amazon, directing users to a malicious URL for free Roblox codes. This indicates a credential phishing or scam attempt. The ML classifier also flagged the PDF as malicious, supporting this assessment.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6193

Heuristics 4

  • Brand-impersonation credential phishing lure high SE_BRAND_CREDENTIAL_PHISH
    Document impersonates a well-known consumer brand and uses account-security / verification language ('unusual activity', 'account on hold', 'verify your account') to steer the reader to a credential-harvesting link. Corroborated by: call-to-action link host does not match the impersonated brand: http://gaminggenerator.org/app/431946152/1-free-roblox-toy-codes.
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://gaminggenerator.org/app/431946152/1-free-roblox-toy-codes PDF link annotation
    • http://nosocomium.rv.ua/images/how-to-get-robux-from-3-invites-free-nitro.pdfIn PDF document text
    • http://ns1.radiofacil.net/images/how-to-get-free-forgotten-knife-in-assasin-y-roblox.pdfIn PDF document text
    • http://soma.com.ua/images/roblox-cursor-hack.pdfIn PDF document text
    • http://www.nielsen2u.dk/images/roblox-life-ii-hacks.pdfIn PDF document text
    • https://www.cfdcnv.com/images/how-to-get-free-robux-not-fake-2021.pdfIn PDF document text
    • https://technospektr.com.ua/images/roblox-hack-item-free.pdfIn PDF document text
    • http://huananhai.net/images/how-do-you-get-a-roblox-account-and-hack-someones.pdfIn PDF document text
    • http://dshikr.ru/images/free-robux-call.pdfIn PDF document text
    • http://ghegamethu.vn/images/how-to-hack-to-get-robux.pdfIn PDF document text
    • http://evp-sanorlenok.ru/images/hack-na-robux-bez-podawania-numeru-telefonu.pdfIn PDF document text
    • http://standart-lab.ru/images/easy-free-robux-com.pdfIn PDF document text
    • https://sitam.co.in/images/free-money-codes-for-roblox.pdfIn PDF document text
    • https://ccej.lviv.ua/images/boku-no-roblox-remastered-cheat-chose-quirks.pdfIn PDF document text
    • https://amatq.ca/images/free-item-scripts-roblox-tampermonkey.pdfIn PDF document text
    • http://alexanderautos.co/images/roblox-free-robux-copy-paste.pdfIn PDF document text
    • https://www.utalii.ac.ke/images/how-do-you-get-robux-for-free-on-laptop.pdfIn PDF document text
    • http://lanoblaie.fr/images/how-to-get-roblox-for-free-on-ipad.pdfIn PDF document text
    • http://www.lycee-langevin-wallon.com/images/roblox-terminator-genisys-cheat-codes.pdfIn PDF document text
    • http://www.rezbb.sk/images/how-to-hack-players-in-roblox.pdfIn PDF document text
    • http://solidkom.ch/images/free-robux-spam.pdfIn PDF document text
    • https://pneukalousek.cz/images/hack-roblox-pastebin-gui.pdfIn PDF document text
    • http://shahriyarclimb.com/images/roblox-extreme-hack-net.pdfIn PDF document text
    • http://lv-siegen.de/images/roblox-pokemon-go-2-cheats.pdfIn PDF document text
    • http://autenticohostalsalou.com/images/roblox-parkour-free-running-game-pass-for-free.pdfIn PDF document text
    • http://rushxpress.de/images/free-roblox-exploit-that-lets-you-use-gears.pdfIn PDF document text
    • http://cdescolapios.org/images/how-to-get-free-coins-on-murder-mystery-2-roblox.pdfIn PDF document text
    • http://cosver.eu/images/roblox-table-cheat-engine.pdfIn PDF document text
    • https://www.saisystem.it/images/butterfly-roblox-hack.pdfIn PDF document text
    • http://ghegamethu.vn/images/free-robux-2021-francais.pdfIn PDF document text
    • http://caraless.com/images/event-free-robux.pdfIn PDF document text
    • http://internetdeputy.com/images/free-robux-real-not-fake.pdfIn PDF document text
    • http://www.web.stc-part.co.th/images/roblox-phantom-forces-cheat-table.pdfIn PDF document text
    • http://techmobil.pl/images/roblox-hacking-software-free-download.pdfIn PDF document text
    • http://altc.de/images/roblox-theme-park-tycoon-2-money-hack.pdfIn PDF document text
    • http://www.exikom.com.ua/images/free-robux-injector.pdfIn PDF document text
    • http://italymania.ru/images/best-free-way-to-get-robux.pdfIn PDF document text
    • https://www.utalii.ac.ke/images/giving-away-free-roblox-account-with-robux.pdfIn PDF document text
    • http://force-seniorklub.dk/images/how-to-hack-roblox-with-inspect-element-2021.pdfIn PDF document text
    • https://www.europap.cz/images/roblox-build-a-boat-for-treasure-cross-hack.pdfIn PDF document text
    • http://a1scan3d.com/images/roblox-mobile-app-free-download.pdfIn PDF document text
    • http://salon-vyshyvanka.com/images/robloxcity-robux-free.pdfIn PDF document text
    • https://waterpark.by:443/images/pants-roblox-girl-free.pdfIn PDF document text
    • http://ferienwohnung-walker.de/images/roblox-case-clicker-hack-script.pdfIn PDF document text
    • http://briankellyforcongress.com/images/how-to-get-free-robux-onroblox-and-pastebin.pdfIn PDF document text
    • http://www.eurologistiki.gr/images/roblox-those-who-remain-hack-script.pdfIn PDF document text
    • http://legs11.co.za/images/games-that-give-you-free-robux-2021.pdfIn PDF document text
    • https://www.albisser.ch/images/roblox-hack-gamer.pdfIn PDF document text
    • http://svp-steinmaur.ch/images/roblox-cheat-android-1.pdfIn PDF document text
    • http://www.anies.eu/images/bloxblast-com-free-robux.pdfIn PDF document text
    +15 more URL(s)

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
stream_003_off000084e2.bin decompressed-pdf-stream PDF FlateDecoded stream at offset 0x84E2 25736 bytes
SHA-256: 176fe23ad8e02679f3df1bba74cd301ddbd0d5bbce13a2295fd7de4ff70678e5
font_01_sfnt_off0000c084.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xC084 3884 bytes
SHA-256: 40b61f8938bd710dc29dc58ba3fde91c245a6a69596ec569b4d27c769ca417cf
font_02_sfnt_off0000cd2b.bin pdf-font-stream PDF embedded font (sfnt) at offset 0xCD2B 17832 bytes
SHA-256: c6e15521ee1fed1cc0ca07ad93dd9ad9d3fd66a26fabc3415677c77b4f80dfee