Malicious PDF — malware analysis report

Static analysis result for SHA-256 b9532b49c3ce5ed4…

MALICIOUS

PDF

14.8 KB Created: 2020-03-18 16:31:25 +00:00 Authoring application: mPDF 5.7
MD5: 6e1e58fc89d5806bc4251189bfb65b82 SHA-1: 466342ae6910791ee3758e4edcc1aa85cd22b2dc SHA-256: b9532b49c3ce5ed43ac42df0cb374ab4aba20e527676530a1451840c7e8a7106
60 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a large number of embedded links, identified by the PDF_SEO_LINK_FARM heuristic. These links all point to a domain hosting what appear to be book titles, suggesting a lure to a content-rich website. No scripts were extracted from this sample. The primary attack pattern involves social engineering through a link farm.

Heuristics 2

  • Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARM
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://lwoscmobook.myhome.cx/752475249524952425245/Dirty-Laundry-J-J-Graves-Mystery-5-by-Liliana-Hart.pdf
    • http://lwoscmobook.myhome.cx/252485241524452495244/Down-and-Dirty-J-J-Graves-Mystery-4-by-Liliana-Hart.pdf
    • http://lwoscmobook.myhome.cx/452455243524652415248/Dirty-Little-Secrets-J-J-Graves-Mystery-1-by-Liliana-Hart.pdf
    • http://lwoscmobook.myhome.cx/452455243524552495242/Whiskey-Rebellion-An-Addison-Holmes-Mystery-1-by-Liliana-Hart.pdf
    • http://lwoscmobook.myhome.cx/352455245524652415245/Whiskey-and-Gunpowder-An-Addison-Holmes-Mystery-6-by-Liliana-Hart.pdf
    • http://lwoscmobook.myhome.cx/352445248524352415245/Whiskey-Sour-An-Addison-Holmes-Mystery-2-by-Liliana-Hart.pdf
    • http://lwoscmobook.myhome.cx/252495246524752475246/Whiskey-for-Breakfast-An-Addison-Holmes-Mystery-3-by-Liliana-Hart.pdf
    • http://lwoscmobook.myhome.cx/252405242524452465245/Whiskey-You-re-The-Devil-An-Addison-Holmes-Mystery-4-by-Liliana-Hart.pdf
    • http://lwoscmobook.myhome.cx/452425240524752405240/Dirty-Laundry-by-Daniel-Ehrenhaft.pdf
    • http://lwoscmobook.myhome.cx/352405245524752475248/Dirty-Laundry-by-Tori-Carrington.pdf
    • http://lwoscmobook.myhome.cx/152465240524552425240/Dirty-Laundry-Cole-McGinnis-3-by-Rhys-Ford.pdf
    • http://lwoscmobook.myhome.cx/252465246524952495244/Dirty-Dirty-Nasty-Freaks-1-by-Callie-Hart.pdf
    • http://lwoscmobook.myhome.cx/752475249524952425249/All-About-Eve-by-Liliana-Hart.pdf
    • http://lwoscmobook.myhome.cx/152475243524752425240/Need-The-MacKenzie-Family-12-by-Liliana-Hart.pdf
    • http://lwoscmobook.myhome.cx/252495245524952435242/Cade-The-MacKenzie-Family-5-by-Liliana-Hart.pdf
    • http://lwoscmobook.myhome.cx/252485245524152415242/Scorch-The-MacKenzie-Family-11-by-Liliana-Hart.pdf
    • http://lwoscmobook.myhome.cx/152445248524752415242/Riley-The-MacKenzie-Brothers-3-by-Liliana-Hart.pdf
    • http://lwoscmobook.myhome.cx/252405247524052405244/Cooper-The-MacKenzie-Brothers-4-by-Liliana-Hart.pdf
    • http://lwoscmobook.myhome.cx/252465243524652495247/Sizzle-The-MacKenzie-Family-9-by-Liliana-Hart.pdf
    • http://lwoscmobook.myhome.cx/552435241524252455246/Cooper-The-MacKenzie-Family-4-by-Liliana-Hart.pdf
    • http://lwoscmobook.myhome.cx/152465240524552425240/Dirty

Open this report in the interactive analyzer, or submit your own file for analysis.