Malicious PDF — malware analysis report

Static analysis result for SHA-256 8b57e99dda73ee47…

Verdict: MALICIOUS
File type: PDF

Size: 67.6 KB
Created: 2021-03-27 22:21:42 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 7943f4b4cb3719b5a7d00255d23d6d95
SHA-1: 4d3cbb6c406d606561d4ff86b05a0683c94acf1c
SHA-256: 8b57e99dda73ee472220a53e06248a2379b5aff3a98130a142c626e62a948010
Risk score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF containing obfuscated text and multiple embedded URLs, one of which is directly referenced in the document body. ClamAV flagged the file with a phishing-trojan signature (Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0), and the Nyx PDF classifier scored it 0.6002 malicious. The primary attack vector appears to be a link that sends the reader to botokaw.ru, whose query string (utm_term=is+cal+grant+the+same+as+state+university+grant) is dressed up as a search for grant information. The remaining extracted URLs point to further .pdf files on public hosting (cdn.sqhk.co, uploads.strikinglycdn.com, s3.amazonaws.com and several free web hosts); per the EMBEDDED_URL heuristic below, an extracted URL is informational and is not a detection on its own.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6002

Heuristics (3)

  • ClamAV detection (critical, CLAMAV_DETECTION): Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
    ClamAV detected this file as malware under the signature above.
  • External URI (info, PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://botokaw.ru/aws?utm_term=is+cal+grant+the+same+as+state+university+grant (referenced directly in the document body)
    • https://cdn.sqhk.co/badiboxa/gdxXiiz/360_horror_vr.pdf
    • http://sesizuxewewax.mygamesonline.org/nubizadedafamemepofasof.pdf
    • http://ruwosiju.getenjoyment.net/explain_how_humans_depend_on_the_environment.pdf
    • https://cdn.sqhk.co/xatimonixu/IhdXlt7/56560983318.pdf
    • https://cdn.sqhk.co/sewuvavimebi/Vsibgdd/hockey_fights_cancer_jersey_blackhawks.pdf
    • https://cdn.sqhk.co/bogofuvizibu/ieXjdgd/vpn_server_korea_apk.pdf
    • http://bivaxosufuxibo.mygamesonline.org/what_are_rhetorical_devices_in_literature.pdf
    • https://cdn.sqhk.co/zefipuvuwifi/Lgdieha/shipping_manager_job_description.pdf
    • http://zovitidagawas.sportsontheweb.net/fagewalaxuda.pdf
    • https://uploads.strikinglycdn.com/files/c9b51fde-2b79-4303-bd33-2b5a304bf354/52961931015.pdf
    • https://s3.amazonaws.com/megodipewukitoj/48103496251.pdf
    • https://s3.amazonaws.com/kavugusepe/emotionally_intelligent_leadership_shankman.pdf
    • https://uploads.strikinglycdn.com/files/8bc9cea3-50ec-45f1-a0f3-8a3bc021d02f/dibizexesezemim.pdf
    • https://uploads.strikinglycdn.com/files/782dc5fe-808b-474d-9caf-de987a15e230/fundamentos_de_marketing_philip_kotler_y_gary_armstrong_descargar.pdf
    • https://s3.amazonaws.com/kigavanus/pijizi.pdf
    • https://s3.amazonaws.com/wokesabisevo/86819625436.pdf
    • https://s3.amazonaws.com/wujapu/39435742470.pdf
    • https://s3.amazonaws.com/fasudikek/how_to_close_a_income_summary_account.pdf
    • https://s3.amazonaws.com/nafoxuda/24557318899.pdf
    • http://wozimape.onlinewebshop.net/absite_fiser.pdf
    • https://s3.amazonaws.com/fenatagazise/clarinet_sheet_music_star_spangled_banner.pdf
    • https://uploads.strikinglycdn.com/files/f54a925e-8cc1-44ce-a296-65285d614dda/setup_fios_router.pdf
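The PDF_URI and EMBEDDED_URL heuristics above rest on one distinction: a URL the reader can be sent to through an action object (a link annotation, an OpenAction, JavaScript) versus a URL that merely appears in the rendered text. The Python below is an added example written for this report, not the analysis platform's own code. It builds a constructed two-URL sample PDF (the botokaw.ru lure as a hex-encoded /URI inside a link annotation, and the first cdn.sqhk.co URL split across a kerned TJ array inside a Flate-compressed content stream), then extracts every URL and labels the channel that carries it, the way the report's per-URL labels do. The object layout, channel names and sample text are assumptions for illustration. The extractor deliberately ignores the xref table, decodes hex and escaped literal strings, and joins TJ array fragments so a URL split across kerned runs is recovered whole.

```python
import re
import zlib

# Constructed sample PDF, not the analysed file: a link annotation whose /URI is
# hex-encoded (a common way to dodge naive string grepping) and a Flate-compressed
# content stream whose visible text spells a second URL across a kerned TJ array.
LURE_URL = "https://botokaw.ru/aws?utm_term=is+cal+grant+the+same+as+state+university+grant"
BODY_URL = "https://cdn.sqhk.co/badiboxa/gdxXiiz/360_horror_vr.pdf"

URL_RE = re.compile(r"https?://[^\s()<>\"']+")
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
ESCAPES = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f", b"\n": b"", b"\r": b""}


def build_sample_pdf() -> bytes:
    """Assemble the sample without an xref table: triage tooling must walk objects
    directly because malicious files routinely ship a broken or missing xref."""
    content = (b"BT /F1 12 Tf 72 700 Td [(Grant info: ) -250 (https://cdn.sqhk.co/badiboxa/) "
               b"20 (gdxXiiz/360_horror_vr.pdf)] TJ ET")
    packed = zlib.compress(content)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /Contents 4 0 R /Annots [5 0 R] >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(packed) + packed + b"\nendstream",
        b"<< /Type /Annot /Subtype /Link /Rect [72 690 400 710] /A << /S /URI /URI <"
        + LURE_URL.encode().hex().encode() + b"> >> >>",
    ]
    body = [b"%d 0 obj\n" % n + o + b"\nendobj" for n, o in enumerate(objs, 1)]
    return b"\n".join([b"%PDF-1.4"] + body + [b"trailer << /Root 1 0 R >>\n%%EOF"])


def read_literal(buf: bytes, i: int):
    """Decode the literal string at buf[i] == b"(": balanced parens, \\x and \\ddd escapes."""
    depth, out = 0, bytearray()
    while i < len(buf):
        c = buf[i:i + 1]
        if c == b"\\":
            octal = re.match(rb"[0-7]{1,3}", buf[i + 1:i + 4])
            if octal:
                out.append(int(octal.group(), 8) & 0xFF)
                i += 1 + len(octal.group())
            else:
                out += ESCAPES.get(buf[i + 1:i + 2], buf[i + 1:i + 2])
                i += 2
            continue
        depth += (c == b"(") - (c == b")")
        if depth == 0:
            return bytes(out), i + 1
        if not (c == b"(" and depth == 1):  # drop only the outermost opening paren
            out += c
        i += 1
    raise ValueError("unterminated literal string")


def read_hex(buf: bytes, i: int):
    """Decode the hex string at buf[i] == b"<"; an odd final digit implies a trailing 0."""
    end = buf.index(b">", i)
    digits = re.sub(rb"\s", b"", buf[i + 1:end]).decode("ascii")
    return bytes.fromhex(digits + "0" * (len(digits) % 2)), end + 1


def uri_values(body: bytes):
    """Yield the operand of every /URI key; '/S /URI' names the action type and has none."""
    for m in re.finditer(rb"/URI\s*(?=[(<])", body):
        reader = read_literal if body[m.end():m.end() + 1] == b"(" else read_hex
        yield reader(body, m.end())[0].decode("latin-1")


def body_text_segments(stream: bytes):
    """Text operands of a content stream. Strings inside one [...] TJ array are
    joined, because producers split URLs across kerned runs; separate Tj strings
    stay separate so unrelated lines do not fuse into a bogus URL."""
    segs, group, i = [], None, 0
    while i < len(stream):
        c = stream[i:i + 1]
        if c == b"(":
            raw, i = read_literal(stream, i)
            (segs if group is None else group).append(raw)
            continue
        if c == b"[":
            group = []
        elif c == b"]" and group is not None:
            segs.append(b"".join(group))
            group = None
        i += 1
    return [s.decode("latin-1") for s in segs]


def extract_urls(pdf: bytes) -> dict:
    """Map each URL to the set of channels carrying it, like the report's per-URL labels."""
    found = {}
    for m in OBJ_RE.finditer(pdf):
        body = m.group(3)
        chan = "link_annotation" if re.search(rb"/Subtype\s*/Link", body) else "uri_action"
        for url in uri_values(body):  # clickable: the PDF_URI heuristic fires on these
            found.setdefault(url, set()).add(chan)
        sm = re.search(rb"(?<!end)stream\r?\n", body)
        if not sm:
            continue
        # The sample writes LF before endstream; real tooling should bound data by /Length.
        data = body[sm.end():].rsplit(b"\nendstream", 1)[0]
        if b"/FlateDecode" in body[:sm.start()]:
            try:
                data = zlib.decompressobj().decompress(data)
            except zlib.error:
                continue  # damaged or encrypted stream: nothing readable here
        for seg in body_text_segments(data):
            for url in URL_RE.findall(seg):
                found.setdefault(url, set()).add("document_body")
    return found
```

Running extract_urls on build_sample_pdf() returns the lure URL under link_annotation and the cdn.sqhk.co URL under document_body, which is the separation the two heuristics report. The walker only understands plain objects and Flate-compressed streams; a file that packs its objects into /ObjStm containers, applies other filters, or is encrypted needs those layers peeled first, so an empty result from this code is not evidence that a document carries no URLs.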