Malicious PDF — malware analysis report

Static analysis result for SHA-256 f3ffb1760047013f…

Verdict: MALICIOUS
File type: PDF
Size: 38.4 KB
MD5: 0083aab33d41f8cc2c6f799fefccfc5c
SHA-1: 07afafb7d3d383b1b6528a702b6773134ae53e40
SHA-256: f3ffb1760047013f294fd403403771b8684cf7584aa1fc5198d60e712102c0b1
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment
T1204.001 User Execution: Malicious Link

The PDF uses a cloud document impersonation lure to trick the user into clicking an invisible link annotation. The link's URI action points at an intermediary redirector URL whose query parameter carries the final destination, a suspicious domain that most likely serves a malicious payload or a credential-phishing page. No scripts (JavaScript or other embedded actions) were extracted from this sample; the document itself is only the prompt, and the malicious behaviour happens on the linked site.

Heuristics (3)

  • Image-heavy PDF with invisible link to suspicious domain [high] PDF_SUSPICIOUS_LINK_LURE
    The PDF is a small, image-heavy lure with invisible link annotations that send the user to a suspicious, high-risk-domain URI. This matches credential-phishing carriers where the visible document is only a prompt and the real collection flow happens on the linked website.
    URL: https://solutiondrglobalsntechgroupsystems.zoomtechnologiuykes.vu
    Redirector URL: http://eop.2020.net/Redirect.aspx?url=https://solutiondrglobalsntechgroupsystems.zoomtechnologiuykes.vu
  • Cloud document impersonation lure [medium] SE_CLOUD_DOC_LURE
    The document impersonates a cloud file-sharing service such as SharePoint, OneDrive, Google Drive, Dropbox, Box, or Microsoft 365 and asks the user to open, verify, or access a shared document.
  • External URI [info] PDF_URI
    The PDF contains an external URL action.
    URL: https://example.com
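The two PDF heuristics above rest on the same inspection: enumerate the document's /Link annotations, decide whether each one is invisible to the reader (borderless, carrying the Hidden or NoView annotation flag, or sized to cover the whole page so any click fires it), and unwrap any open-redirector URL so the final host can be scored. The following script is an added example written for this page, not the analysis engine's own code. It builds a small constructed PDF inline (hostnames under the reserved `.invalid` TLD, so nothing resolves) with one hidden full-page link behind a redirector and one ordinary visible link, and uses only the standard library, parsing uncompressed objects with regular expressions; real-world PDFs often put annotations inside compressed object streams, so a production tool would decode those first.

```python
"""Triage a PDF for invisible link annotations and decode redirector URLs.

Added example for this report; it is not the analysis engine's code.
Parses uncompressed PDF objects with regexes (no third-party modules).
"""
import re
from urllib.parse import parse_qs, urlparse

# Annotation flag bits from the PDF specification's annotation-flags table.
FLAG_HIDDEN = 2
FLAG_NOVIEW = 32

# Query-parameter names that open redirectors commonly use to carry the
# real destination. An assumption for this example, not an exhaustive list.
REDIRECT_PARAMS = ("url", "u", "redirect", "target", "dest", "goto")

# Constructed sample (not the analysed file): object 4 is a borderless,
# hidden, page-sized link behind a redirector; object 5 is a normal link.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R 5 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 612 792] /Border [0 0 0] /F 2 /A << /S /URI /URI (http://redirector.invalid/Redirect.aspx?url=https://landing.invalid/login) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link /Rect [100 100 200 120] /Border [0 0 1] /A << /S /URI /URI (https://example.com) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

OBJ_RE = re.compile(rb"(\d+)\s+0\s+obj(.*?)endobj", re.S)
LINK_RE = re.compile(rb"/Subtype\s*/Link")
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)
RECT_RE = re.compile(rb"/Rect\s*\[([^\]]*)\]")
BORDER_RE = re.compile(rb"/Border\s*\[([^\]]*)\]")
FLAGS_RE = re.compile(rb"/F\s+(\d+)")
MEDIABOX_RE = re.compile(rb"/MediaBox\s*\[([^\]]*)\]")


def _nums(raw):
    """Turn a PDF number array body like b'0 0 612 792' into floats."""
    return [float(x) for x in raw.decode("latin-1").split()]


def extract_link_annotations(pdf_bytes):
    """Return one dict per /Link annotation that carries a /URI action."""
    links = []
    for num, body in OBJ_RE.findall(pdf_bytes):
        if not LINK_RE.search(body):
            continue
        uri = URI_RE.search(body)
        if not uri:
            continue
        rect, border, flags = RECT_RE.search(body), BORDER_RE.search(body), FLAGS_RE.search(body)
        links.append({
            "obj": int(num),
            "uri": uri.group(1).decode("latin-1"),
            "rect": _nums(rect.group(1)) if rect else None,
            "border": _nums(border.group(1)) if border else None,
            "flags": int(flags.group(1)) if flags else 0,
        })
    return links


def invisibility_reasons(link, media_box):
    """List why a reader would not see this link (empty list means visible)."""
    reasons = []
    if link["border"] is not None and all(v == 0 for v in link["border"]):
        reasons.append("borderless")
    if link["flags"] & (FLAG_HIDDEN | FLAG_NOVIEW):
        reasons.append("hidden-flag")
    if link["rect"] and media_box:
        x0, y0, x1, y1 = link["rect"]
        px0, py0, px1, py1 = media_box
        page_area = abs((px1 - px0) * (py1 - py0))
        # A click anywhere on the page hits a link that covers >= 90% of it.
        if page_area and abs((x1 - x0) * (y1 - y0)) >= 0.9 * page_area:
            reasons.append("full-page")
    return reasons


def resolve_redirect(uri):
    """Pull the final destination out of an open-redirector URL, if present."""
    query = parse_qs(urlparse(uri).query)
    for name in REDIRECT_PARAMS:
        for value in query.get(name, []):
            if value.startswith(("http://", "https://")):
                return value
    return None


def triage(pdf_bytes):
    """Return findings for every link a reader cannot see, with the landing host."""
    mb = MEDIABOX_RE.search(pdf_bytes)
    media_box = _nums(mb.group(1)) if mb else None
    findings = []
    for link in extract_link_annotations(pdf_bytes):
        reasons = invisibility_reasons(link, media_box)
        if not reasons:
            continue
        final = resolve_redirect(link["uri"]) or link["uri"]
        findings.append({
            "obj": link["obj"],
            "uri": link["uri"],
            "final_url": final,
            "final_host": urlparse(final).hostname,
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_PDF):
        print(f"obj {f['obj']}: {', '.join(f['reasons'])}")
        print(f"  URI    : {f['uri']}")
        print(f"  lands  : {f['final_url']}  (host {f['final_host']})")
```

On the constructed sample only object 4 is reported, with all three reasons, and the landing host is the one inside the redirector's `url` parameter rather than the redirector itself, which is the host that should feed domain reputation scoring. The visible link in object 5 produces no finding, matching the lower-severity PDF_URI heuristic above.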