Malicious PDF — malware analysis report

Static analysis result for SHA-256 9dd28e3fa4ef4828…

MALICIOUS

PDF

35.1 KB Created: 2020-05-31 20:01:06 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
MD5: 783d4188313b87b6aa4f5f7bf5630f79 SHA-1: 50ba4fca949a0944e2516a89641340ce3cedb499 SHA-256: 9dd28e3fa4ef4828db469afb5cb577b7e088da7b5f197f303da1392cdd8ef444
62 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.002 Malicious Link

The PDF file contains a heuristic indicating a link farm and an embedded URI pointing to 'ahjf4ew.brdge.org'. The document body, though partially corrupted, contains text related to a wiring diagram and the suspicious URL. This suggests the document is designed to trick the user into visiting a malicious website by masquerading as technical documentation.

Heuristics 3

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://ahjf4ew.brdge.org/uploads/1/3/0/5/130550778/130550778.html#8145-20+timer+wiring+diagram
    • https://zogubaj.files.wordpress.com/2020/05/42621666002.pdf
    • https://tegulixu.files.wordpress.com/2020/05/11811806142.pdf
    • https://vasoponox.files.wordpress.com/2020/05/sigud.pdf
    • https://fagirixol.files.wordpress.com/2020/05/54061711154.pdf
    • https://sosinogezop.files.wordpress.com/2020/05/jogepexipozegebimapuko.pdf
    • https://murulejam.files.wordpress.com/2020/05/betuxukoni.pdf
    • https://jezalur.files.wordpress.com/2020/05/bepuxemasa.pdf
    • https://daritawaba.files.wordpress.com/2020/05/22425277555.pdf
    • https://vabogojup.files.wordpress.com/2020/05/kubufuwezoporiju.pdf
    • https://sovibabe.files.wordpress.com/2020/05/24991058325.pdf
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/rights/

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
font_00_sfnt_off00005c93.bin
01a9e63f2b797d797abe58133755fef69b4733d9ed0310a0040b2d380e5aee42		 pdf-font-stream PDF embedded font (sfnt) at offset 0x5C93 10824 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.