Malicious PDF — malware analysis report

Static analysis result for SHA-256 75e8b1e4c5af046b…

MALICIOUS

PDF

Size: 49.6 KB
Created: 2020-12-18 06:50:18 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 269fe41edf08f485e277c9bcc7863b74
SHA-1: bf8371a6f17bf2980c98c14c397e707fe46be2bb
SHA-256: 75e8b1e4c5af046b0e5c0357dc756c0339129c640ce5af5ad5b4c16b40b52f9d
Risk Score: 152

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

One critical heuristic fired: the document carries a clickable link to known malicious redirector infrastructure. The embedded URL https://cctraff.ru/strik?utm_term=dana+desa+dihapuskan is the primary indicator of malicious intent; the ML classifier score and the ClamAV signature corroborate the verdict. The file is a phishing/trojan delivery lure that depends on the user clicking through a redirect chain rather than on a PDF parser vulnerability, so the actionable indicators are the URL and its host, not a reader exploit.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7180

Heuristics (3)

  • PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
    PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • Embedded URLs [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://cctraff.ru/strik?utm_term=dana+desa+dihapuskan
    • https://cdn-cms.f-static.net/uploads/4393521/normal_5fa4d3613b675.pdf
    • https://s3.amazonaws.com/debamijizozexo/17728145129.pdf
    • https://uploads.strikinglycdn.com/files/3e3927d5-74a8-47fd-8791-18869452b860/giwukijajes.pdf
    • https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbe0be34e98326c02d752cf/1606290405890/nomokigez.pdf
    • https://static1.squarespace.com/static/5fc0ed4f1452f90b7fe57e24/t/5fc5da633570fb44d1cd8337/1606802021366/empire_channel_on_directv.pdf
    • https://static1.squarespace.com/static/5fc546da405d5340f34687f1/t/5fd64613226e9048fab2957a/1607878169649/75437199355.pdf
    • https://static1.squarespace.com/static/5fc194132cf09257bd70d589/t/5fc396ac61e25426e1a64982/1606653615100/sharepoint_2010_end_user_guide.pdf
    • https://s3.amazonaws.com/vipinib/60333359504.pdf
    • https://static1.squarespace.com/static/5fc5d30b7848ba205d3a93a9/t/5fc7869248d5672cfb41e4f9/1606911634868/marvel_future_fight_mod_offline_apk_userscloud_download.pdf
    • https://s3.amazonaws.com/pukaridimupo/tategewatiji.pdf
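The following is an added example, not code from the report or from the scanner that produced it. It shows how the PDF_MALICIOUS_REDIRECTOR_LINK and EMBEDDED_URL findings above can be reproduced at triage time: pull every URL out of a PDF, label the channel that reaches it (link annotation, JavaScript action, or plain document body), and raise a hit only when the URL's host is on a redirector list, since the utm_term and path vary per lure while the host is the stable indicator. The input PDF is constructed inline (uncompressed, so plain regexes can see the objects) and reuses the report's cctraff.ru URL and one of its decoy URLs; the JavaScript action, the example.invalid URL, and the REDIRECTOR_HOSTS set are this example's own assumptions. The fingerprint helper is there to confirm that a file on disk matches the hashes printed at the top of a report.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Hosts treated as known malicious redirector infrastructure. Only cctraff.ru
# comes from the report; keeping it in a set is this example's own structure.
REDIRECTOR_HOSTS = {"cctraff.ru"}

# Constructed, uncompressed minimal PDF used as stand-in input. It is NOT the
# sample from the report: it reuses the report's redirector URL and one decoy
# URL, and adds a hypothetical JS action and an example.invalid URL in text.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 6 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R 5 0 R] /Contents 7 0 R >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 612 792] /A << /S /URI /URI (https://cctraff.ru/strik?utm_term=dana+desa+dihapuskan) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 100] /A << /S /URI /URI (https://s3.amazonaws.com/pukaridimupo/tategewatiji.pdf) >> >> endobj
6 0 obj << /S /JavaScript /JS (app.launchURL\\("https://cctraff.ru/strik", true\\);) >> endobj
7 0 obj << /Length 52 >>
stream
BT /F1 12 Tf 72 700 Td (see https://example.invalid/guide.pdf) Tj ET
endstream
endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Generic URL matcher over raw bytes; stops at PDF string/dict delimiters.
URL_RE = re.compile(rb'https?://[^\s()<>"\'\\]+')
# /Link annotation whose action is a /URI: the "link annotation" channel.
LINK_RE = re.compile(rb'/Subtype\s*/Link\b.*?/URI\s*\(([^)]*)\)', re.S)
# Literal-string JavaScript actions: the "JS" channel.
JS_RE = re.compile(rb'/JS\s*\((.*?)\)\s*>>', re.S)


def fingerprint(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the bytes, to match a file against a report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def extract_urls(pdf: bytes) -> list:
    """Return (channel, url) pairs found in the raw PDF bytes.

    Channels: 'link annotation' for /Link annots with a /URI action, 'JS' for
    URLs inside /JS strings, 'document body' for any other URL visible in the
    file. Only uncompressed objects are visible to these regexes; a real
    triage must inflate Flate streams and object streams first.
    """
    link = {m.group(1).decode("latin-1") for m in LINK_RE.finditer(pdf)}
    js = {u.decode("latin-1")
          for m in JS_RE.finditer(pdf) for u in URL_RE.findall(m.group(1))}
    everything = {u.decode("latin-1") for u in URL_RE.findall(pdf)}
    found = [("link annotation", u) for u in sorted(link)]
    found += [("JS", u) for u in sorted(js - link)]
    found += [("document body", u) for u in sorted(everything - link - js)]
    return found


def flag_redirectors(findings: list) -> list:
    """Keep only findings whose host is on the redirector list.

    The host, not the full URL, is compared: query strings and paths change
    per lure while the redirector host is the stable indicator.
    """
    hits = []
    for channel, url in findings:
        host = (urlsplit(url).hostname or "").lower()
        if host in REDIRECTOR_HOSTS:
            hits.append((channel, url))
    return hits


if __name__ == "__main__":
    print(fingerprint(SAMPLE_PDF))
    for channel, url in extract_urls(SAMPLE_PDF):
        print(f"{channel:16} {url}")
    hits = flag_redirectors(extract_urls(SAMPLE_PDF))
    print("verdict:", "PDF_MALICIOUS_REDIRECTOR_LINK" if hits else "no redirector hit")
```

On the constructed input the decoy s3.amazonaws.com link is extracted but not flagged, while both cctraff.ru URLs are flagged even though they differ in query string; that is the behaviour the report's heuristic describes, where the URL list is informational and only the redirector host drives the critical finding.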