Verdict: MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Link
T1059.001 PowerShell
A critical-severity heuristic fired on a malicious redirector link that sends the user to 'https://ttraff.me/wix?keyword=st+louis+volleyball+tournament+2020'. The PDF also carries a large number of external links, characteristic of an SEO link farm, most of them pointing to benign-looking PDF files hosted on third-party site-builder and cloud storage. The document body, although heavily obfuscated, repeats the same tournament lure and the same redirector URL.
Heuristics (3)
- PDF_MALICIOUS_REDIRECTOR_LINK (critical): PDF links to known malicious redirector infrastructure. The PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than on a PDF parser vulnerability.
- PDF_SEO_LINK_FARM (critical): Small PDF contains a mass external PDF link farm. A small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- EMBEDDED_URL (info): Embedded URL info. One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted URLs:
- https://ttraff.me/wix?keyword=st+louis+volleyball+tournament+2020
- http://niruja.mcm-tc.com/uploads/1/3/1/6/131637679/vexakulavarewemo.pdf
- http://files.klodtap.com/uploads/1/3/0/8/130814254/4818312.pdf
- http://faropa.dreamhighstudio.com/uploads/1/3/1/4/131437423/9600353.pdf
- http://files.pipelinetheatre.com/uploads/1/3/1/6/131606494/rotakitopedileletef.pdf
- http://files.bethshalomtemple.com/uploads/1/3/1/4/131437295/6860749.pdf
- https://f834a791-648f-4e27-beb1-f4141a665fd2.filesusr.com/ugd/9c43ec_9217aa3b7ce84557b65535460e5b04cf.pdf?index=true
- https://ea0dd296-7bb6-4272-ac83-a28de3a464b2.filesusr.com/ugd/1715bf_6904572e9a8c49c8b0b9c6935c94bbb2.pdf?index=true
- https://4a7399e9-c6b5-4dbf-8d48-a2d083e3e348.filesusr.com/ugd/f63f29_df2dc012e7544acbb5dd48ba400619ca.pdf?index=true
- https://234d8835-afc2-4f02-829f-945d6d3a4d99.filesusr.com/ugd/0fdb6d_3734155089fb467c9b2f9d1d0b76546d.pdf?index=true
- https://b00a385b-7eb2-4afd-a881-25a3fe553bd2.filesusr.com/ugd/2f8cea_047984bc27d64e7491052d636eea5432.pdf?index=true
- https://2cc79cb6-2bfb-45f0-abfd-4adbd2ef43f9.filesusr.com/ugd/9fc8c3_24a9d4374df34593a00e4e2533864972.pdf?index=true
- https://f3d936f9-6e7f-4baa-8b1f-1e90fe4b2cf6.filesusr.com/ugd/db93e9_a0b1985ab99e438bbfba8fe08c57e599.pdf?index=true
- https://01b63c37-c14f-4a00-900e-f961d539b39e.filesusr.com/ugd/ef0078_51d43843f8e64927ae5f3afdef06a779.pdf?index=true
- https://cdn.shopify.com/s/files/1/0432/4474/8950/files/72271256944.pdf
- https://cdn.shopify.com/s/files/1/0439/6092/6366/files/ha_ash_discografia_completa_utorrent.pdf
- https://cdn.shopify.com/s/files/1/0427/8488/2844/files/hamilton_chernow.pdf
- https://cdn.shopify.com/s/files/1/0431/3602/4742/files/tuseritanabupesomis.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns# (XMP/RDF metadata namespace identifier, not a clickable link)
- http://purl.org/dc/elements/1.1/ (XMP/Dublin Core metadata namespace identifier, not a clickable link)
- http://ns.adobe.com/pdf/1.3/ (XMP metadata namespace identifier, not a clickable link)
- http://ns.adobe.com/xap/1.0/ (XMP metadata namespace identifier, not a clickable link)
- http://ns.adobe.com/xap/1.0/mm/ (XMP metadata namespace identifier, not a clickable link)
- http://ns.adobe.com/xap/1.0/rights/ (XMP metadata namespace identifier, not a clickable link)
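To make the two link heuristics above concrete, here is an added example (not the analyzer's own code) that pulls /URI targets out of a PDF's /Link annotations and applies both rules: flag a URI whose host is on a redirector list (PDF_MALICIOUS_REDIRECTOR_LINK), and flag a small file whose external PDF links cluster on one registrable domain (PDF_SEO_LINK_FARM). The sample PDF is constructed in the block from the clickable URLs listed in this report; the redirector host list, the size limit and the link-count thresholds are assumptions chosen for illustration, not values from the analyzer.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Assumed redirector host list for illustration; a real scanner uses a curated intel feed.
KNOWN_REDIRECTOR_HOSTS = {"ttraff.me"}

# The two encodings a /URI action string can take in PDF object syntax.
URI_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
URI_HEX = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]+)>")


def unescape_pdf_literal(raw):
    """Decode PDF literal-string escapes: \\( \\) \\\\ \\n \\r \\t \\b \\f and octal \\ddd."""
    simple = {ord("n"): 10, ord("r"): 13, ord("t"): 9, ord("b"): 8, ord("f"): 12}
    out, i = bytearray(), 0
    while i < len(raw):
        c = raw[i]
        if c != 0x5C or i + 1 == len(raw):  # not a backslash, or a trailing one
            out.append(c)
            i += 1
            continue
        n = raw[i + 1]
        if 0x30 <= n <= 0x37:  # up to three octal digits
            j, digits = i + 1, b""
            while j < len(raw) and len(digits) < 3 and 0x30 <= raw[j] <= 0x37:
                digits += bytes([raw[j]])
                j += 1
            out.append(int(digits, 8) & 0xFF)
            i = j
        else:
            out.append(simple.get(n, n))  # \( \) \\ map to the character itself
            i += 2
    return bytes(out)


def extract_uri_links(pdf):
    """Return every /URI target visible in the raw (uncompressed) object syntax."""
    uris = [unescape_pdf_literal(m.group(1)) for m in URI_LITERAL.finditer(pdf)]
    uris += [bytes.fromhex(re.sub(rb"\s", b"", m.group(1)).decode("ascii"))
             for m in URI_HEX.finditer(pdf)]
    return [u.decode("latin-1") for u in uris]


def registrable_site(host):
    """Approximate the registrable domain by the last two labels (no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])


def classify(pdf, size_limit=200_000, min_pdf_links=8, min_cluster=5):
    """Apply both heuristics; the thresholds are assumptions for this example."""
    urls = extract_uri_links(pdf)
    findings = []
    for u in urls:
        if (urlparse(u).hostname or "").lower() in KNOWN_REDIRECTOR_HOSTS:
            findings.append(("PDF_MALICIOUS_REDIRECTOR_LINK", "critical", u))
    pdf_links = [u for u in urls if urlparse(u).scheme in ("http", "https")
                 and urlparse(u).path.lower().endswith(".pdf")]
    if len(pdf) <= size_limit and len(pdf_links) >= min_pdf_links:
        sites = Counter(registrable_site(urlparse(u).hostname or "") for u in pdf_links)
        top_site, top_count = sites.most_common(1)[0]
        if top_count >= min_cluster:
            findings.append(("PDF_SEO_LINK_FARM", "critical",
                             f"{len(pdf_links)} external PDF links, {top_count} on {top_site}"))
    return findings


def pdf_literal(s):
    """Encode a str as a PDF literal string with the required escapes."""
    b = s.encode("latin-1")
    return b"(" + b.replace(b"\\", b"\\\\").replace(b"(", b"\\(").replace(b")", b"\\)") + b")"


def build_sample_pdf(urls):
    """Constructed stand-in for the sample: bare /Link annotations, no compression."""
    annots = b"".join(b"<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] /A << /S /URI /URI "
                      + pdf_literal(u) + b" >> >>\n" for u in urls)
    return b"%PDF-1.4\n" + annots + b"%%EOF\n"


# Clickable targets from the report (XMP namespace URIs are metadata, not annotations).
SAMPLE_URLS = [
    "https://ttraff.me/wix?keyword=st+louis+volleyball+tournament+2020",
    "https://f834a791-648f-4e27-beb1-f4141a665fd2.filesusr.com/ugd/9c43ec_9217aa3b7ce84557b65535460e5b04cf.pdf?index=true",
    "https://ea0dd296-7bb6-4272-ac83-a28de3a464b2.filesusr.com/ugd/1715bf_6904572e9a8c49c8b0b9c6935c94bbb2.pdf?index=true",
    "https://4a7399e9-c6b5-4dbf-8d48-a2d083e3e348.filesusr.com/ugd/f63f29_df2dc012e7544acbb5dd48ba400619ca.pdf?index=true",
    "https://234d8835-afc2-4f02-829f-945d6d3a4d99.filesusr.com/ugd/0fdb6d_3734155089fb467c9b2f9d1d0b76546d.pdf?index=true",
    "https://b00a385b-7eb2-4afd-a881-25a3fe553bd2.filesusr.com/ugd/2f8cea_047984bc27d64e7491052d636eea5432.pdf?index=true",
    "https://2cc79cb6-2bfb-45f0-abfd-4adbd2ef43f9.filesusr.com/ugd/9fc8c3_24a9d4374df34593a00e4e2533864972.pdf?index=true",
    "https://f3d936f9-6e7f-4baa-8b1f-1e90fe4b2cf6.filesusr.com/ugd/db93e9_a0b1985ab99e438bbfba8fe08c57e599.pdf?index=true",
    "https://01b63c37-c14f-4a00-900e-f961d539b39e.filesusr.com/ugd/ef0078_51d43843f8e64927ae5f3afdef06a779.pdf?index=true",
    "https://cdn.shopify.com/s/files/1/0432/4474/8950/files/72271256944.pdf",
    "https://cdn.shopify.com/s/files/1/0439/6092/6366/files/ha_ash_discografia_completa_utorrent.pdf",
    "https://cdn.shopify.com/s/files/1/0427/8488/2844/files/hamilton_chernow.pdf",
    "https://cdn.shopify.com/s/files/1/0431/3602/4742/files/tuseritanabupesomis.pdf",
]

if __name__ == "__main__":
    for finding in classify(build_sample_pdf(SAMPLE_URLS)):
        print(finding)
```

Two caveats for real samples: the regex scan only sees annotations written in plain object syntax, so a scanner must first inflate FlateDecode streams and unpack object streams (/ObjStm), or the links are invisible; and the last-two-labels approximation of a registrable domain is enough to group the per-tenant `*.filesusr.com` hosts above, but a production rule should use a public-suffix list so that hosts like `example.co.uk` are not split incorrectly.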
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off000069e4.bin | 3100d1c76347a310105b45eac0ba4e33c11f0d367c0ed12e6b5145370dc5c73b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x69E4 | 5392 bytes |
| font_01_sfnt_off00007c1e.bin | 99242bfcaecdb49379fc3ee8b9d8c078e40fc0271d53cf9818cd817d089149a2 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7C1E | 13352 bytes |
| font_02_sfnt_off0000a66d.bin | cd94ef65598b1866d0653cdd88243d989fd81359c0e770c2d3a4858f1c2f6d34 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA66D | 4324 bytes |
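The table above records sfnt fonts carved at byte offsets. As an added example (not the analyzer's code), the block below shows one way to locate sfnt headers in a decoded byte buffer and to validate the table directory before accepting a hit, so that a stray text match such as the `?index=true` in the URLs above is not mistaken for an Apple-style `true` font header. The font bytes and the surrounding container are constructed inside the block.

```python
import struct

# sfnt version tags that begin an embedded TrueType/OpenType font.
SFNT_MAGICS = {b"\x00\x01\x00\x00": "TrueType", b"true": "TrueType (Apple)", b"OTTO": "OpenType/CFF"}
MAX_TABLES = 64  # sanity bound; real fonts carry far fewer tables


def parse_sfnt_at(buf, off):
    """Validate the table directory at off; return (table_tags, end_offset) or None."""
    if off + 12 > len(buf):
        return None
    num_tables = struct.unpack_from(">H", buf, off + 4)[0]
    if not 0 < num_tables <= MAX_TABLES:
        return None
    end = off + 12 + 16 * num_tables
    if end > len(buf):
        return None
    tags = []
    for i in range(num_tables):
        tag, _checksum, toff, tlen = struct.unpack_from(">4sIII", buf, off + 12 + 16 * i)
        # Tags are printable ASCII; table data must lie after the header and inside the buffer.
        if not all(0x20 <= c < 0x7F for c in tag) or toff < 12 or off + toff + tlen > len(buf):
            return None
        tags.append(tag.decode("ascii"))
        end = max(end, off + toff + tlen)
    return tags, end


def carve_sfnt(buf):
    """Scan buf for sfnt magics and return every structurally valid font as a dict."""
    found, pos = [], 0
    while True:
        hits = [(buf.find(m, pos), m) for m in SFNT_MAGICS]
        hits = [h for h in hits if h[0] != -1]
        if not hits:
            return found
        off, magic = min(hits)
        parsed = parse_sfnt_at(buf, off)
        if parsed is None:  # magic bytes without a sane directory: skip this byte
            pos = off + 1
            continue
        tags, end = parsed
        found.append({"offset": off, "kind": SFNT_MAGICS[magic], "size": end - off,
                      "tables": tags, "data": buf[off:end]})
        pos = end


def build_fake_sfnt(tables):
    """Constructed TrueType-style font: header, directory, then 4-byte aligned table data."""
    n = len(tables)
    header = struct.pack(">4sHHHH", b"\x00\x01\x00\x00", n, 0, 0, 0)
    directory, body, data_start = b"", b"", 12 + 16 * n
    for tag, data in tables:
        directory += struct.pack(">4sIII", tag, 0, data_start + len(body), len(data))
        body += data + b"\0" * (-len(data) % 4)
    return header + directory + body


# Constructed container: a decoy "true" inside a URL, a real font, then trailing bytes.
FAKE_FONT = build_fake_sfnt([(b"head", b"H" * 56), (b"cmap", b"C" * 12)])
SAMPLE_BUFFER = (b"%PDF-1.4\n% /URI (https://example.invalid/x.pdf?index=true)\nstream\n"
                 + FAKE_FONT + b"\nendstream\n")

if __name__ == "__main__":
    for font in carve_sfnt(SAMPLE_BUFFER):
        print(f"{font['kind']} at 0x{font['offset']:X}, {font['size']} bytes, tables {font['tables']}")
```

The buffer handed to `carve_sfnt` should be the inflated content of each font stream (or the whole file only when its streams are stored uncompressed), since FlateDecode hides the magic bytes; the carve size is taken from the furthest table extent, which is why a checksum field of zero in the constructed font is accepted here but would be worth recomputing when triaging a real carve.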