Malicious PDF — malware analysis report

Static analysis result for SHA-256 c1290b6740600c80…

MALICIOUS

PDF

13.3 KB Created: 2023-07-24 13:12:23 +03:00 Authoring application: iText® Core 7.2.5 (AGPL version) ©2000-2023 iText Group NV
MD5: 5a055cdd10b1e9781a6c0940a0fa3404 SHA-1: 0bce9d6f000d2d42c45108ba013c9107c4254cb4 SHA-256: c1290b6740600c80533b4e8f8172f15ca4b3d6d4faab96b56912782a98ac5518
60 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF contains a direct link to a ZIP archive, identified as a critical heuristic. The document body text claims the file is password protected and provides a code, which is a common social engineering tactic to bypass security controls or trick users into downloading further malware. The linked ZIP file is the likely payload. The PDF itself is likely a lure to facilitate the download and execution of the malicious ZIP.

Machine Learning

  • Nyx PDF Classifier clean score 0.0050

Heuristics 2

  • PDF link points directly to executable/archive payload critical PDF_DIRECT_PAYLOAD_LINK
    PDF contains a clickable HTTP(S) URI whose path ends in an executable, script, shortcut, disk image, or archive extension. Documents can legitimately link to installers, so this is a high-risk delivery indicator rather than a standalone exploit fingerprint.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://files.catbox.moe/yq6x7f.zip

Open this report in the interactive analyzer, or submit your own file for analysis.