MALICIOUS
162
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.002 Malicious Link
The PDF contains a mass external link farm and a specific lure related to payment redirection, indicating a Business Email Compromise (BEC) or phishing attempt. The primary malicious URL, 'https://ttraff.club/pify?keyword=delegation+matrix+template', is identified as a redirector. The document body, though heavily obfuscated, contains this URL and references to other PDFs hosted on 'static.usrfiles.com', suggesting a coordinated effort to distribute malicious content.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Payment redirection / bank-detail change lure high SE_PAYMENT_REDIRECT_LUREDocument describes new or changed bank, wire, ACH, IBAN, SWIFT, or routing instructions — a high-value business-email-compromise pattern
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/pify?keyword=delegation+matrix+template
- https://static.usrfiles.com/ugd/4542d9_4a09678fecb84d17afdf899a8fa3ff29.pdf
- https://static.usrfiles.com/ugd/b8c837_4ecd37ce575b4c098c3e4f48f0d4c8d3.pdf
- https://static.usrfiles.com/ugd/e2a635_bee10d0e0091402d8927e934ee26cf91.pdf
- https://static.usrfiles.com/ugd/96bf9d_a9e98f47156748f3bf711b87666cd38d.pdf
- https://static.usrfiles.com/ugd/f65518_b2fa5b1f35ec4ddcbd4d2022dbcdc414.pdf
- https://static.usrfiles.com/ugd/9edd50_187573b707d44407a83eb2582b1c7759.pdf
- https://static.usrfiles.com/ugd/b8c837_e62cfd464b1a416fb85931d185a71ad7.pdf
- https://static.usrfiles.com/ugd/c7ef1a_3fcdc12db79441c58d8c851379cd78f7.pdf
- https://static.usrfiles.com/ugd/a86d68_884121d207f842709b84e5a6178d8cc0.pdf
- https://static.usrfiles.com/ugd/f0f215_fa7edd17164f4d7080d99f6b2f57b6a6.pdf
- https://static.usrfiles.com/ugd/13ae68_b71ab90c22344f24a7552ae49a59b2ea.pdf
- https://static.usrfiles.com/ugd/162fe6_e94ac96934c44ce78b8f9641e6e5a8c3.pdf
- https://static.usrfiles.com/ugd/d2759c_2e3bab7f1703489ba54297ec35e3d3a9.pdf
- https://static.usrfiles.com/ugd/49be48_36ba6f8861c6459685ad3229d42da3cf.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005c89.bindf5b752743999d93330ab84ec960ae39d8830c2bcb09eee1bdd77ab996bfaef6 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5C89 | 5028 bytes |
font_01_sfnt_off00006d99.bin966d49217b283b9e200bc2d9099d1c38019a712f6746b33591bffd83143dcf9d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6D99 | 10036 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.