Malicious PDF — malware analysis report

Static analysis result for SHA-256 802f888cdd6ba730…

Verdict: MALICIOUS

File type: PDF

Size: 66.8 KB
Created: 2021-03-24 04:33:58 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)

MD5: b506780c574242ff96b3db7f972f59ab
SHA-1: 696c275ab62d7db5f4d10f761f53f381247ce3fc
SHA-256: 802f888cdd6ba73035724745f3cef27ac7cf390cb0945360dd19afc27002b3b3

Risk Score: 94

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The PDF contains an embedded URI pointing to a malicious domain, identified by ClamAV as Pdf.Phishing.Trojan. The ML classifier also flagged this PDF as malicious. The document body, though heavily obfuscated, appears to be a lure related to 'Bennie and the jets piano sheet music pdf', suggesting a phishing attempt to redirect users to the malicious URL.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9417

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • https://kuzutuzo.ru/award?keyword=bennie+and+the+jets+piano+sheet+music+pdf
    • https://cdn.sqhk.co/kelanadu/Bksgeje/75135216426.pdf
    • https://gimokubibal.weebly.com/uploads/1/3/4/5/134528069/2737904.pdf
    • https://cdn-cms.f-static.net/uploads/4383681/normal_60304103db101.pdf
    • https://cdn-cms.f-static.net/uploads/4424007/normal_603884cc19957.pdf
    • https://xateboduf.weebly.com/uploads/1/3/1/4/131483383/ligubemegurun_dajidagi.pdf
    • https://cdn.sqhk.co/denirinodo/a1hj7bg/49733156695.pdf
    • https://beponelife.weebly.com/uploads/1/3/1/1/131164358/xutuparom.pdf
    • https://cdn.sqhk.co/bumegukomuza/iavIbfd/27670070331.pdf
    • https://wafanipo.weebly.com/uploads/1/3/2/6/132695839/bubezadofiner.pdf
    • https://zoredufuno.weebly.com/uploads/1/3/4/6/134638801/zodoxugekolatetaw.pdf
    • https://cdn.sqhk.co/zawitagevute/iahjFhc/dessert_recipes_with_apples_easy.pdf
    • https://nukevokisoget.weebly.com/uploads/1/3/2/7/132711970/bapeseperipale_wuvenawet_sasal.pdf
    • https://static.s123-cdn-static.com/uploads/4416490/normal_6007e18652f2c.pdf
    • https://cdn.sqhk.co/fivukidado/icyiihi/jezasolutikaxituz.pdf
    • https://cdn-cms.f-static.net/uploads/4413566/normal_602e8112f21b1.pdf
    • https://cdn.sqhk.co/bisegepamitu/jc7Q5ji/beautiful_simple_css_buttons.pdf
    • https://suzazenesegi.weebly.com/uploads/1/3/0/7/130776168/povuxubigin.pdf
    • https://cdn.sqhk.co/zititepu/Nibuwmr/65483498407.pdf
    • https://static.s123-cdn-static.com/uploads/4369329/normal_5ff25b3e4751f.pdf
    • https://tebeneka.weebly.com/uploads/1/3/0/8/130874559/geroxula-rofigesovutomib-faletediguf-dasaxipun.pdf
    • https://fisikovomit.weebly.com/uploads/1/3/4/6/134652659/1e3c5e767eed73.pdf
    • http://www.ascendercorp.com/
    • http://www.ascendercorp.com/typedesigners.html
    • https://uploads.strikinglycdn.com/files/330b8422-ac57-42f2-9cf1-489fbf232009/faleloxetesebumugulazuwa.pdf
    • https://uploads.strikinglycdn.com/files/720ee7b5-a00a-49e6-b30a-b4b895bd9bbe/gidazamimoxekoseruto.pdf
    • https://uploads.strikinglycdn.com/files/fb85e8f7-058c-43f9-97ac-78e2f670ccb2/modern_family_scripts_download.pdf
    • http://scripts.sil.org/OFL

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000f0ca.bin
SHA-256: cd68bd8e0e851d01296c2707bb8bd0567848813cf6a440d7d1a744e7956dae28
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0xF0CA
Size: 5392 bytes