Malicious PDF — malware analysis report

Static analysis result for SHA-256 c4578a242d119507…

Verdict: MALICIOUS
File type: PDF
File size: 46.5 KB
Created: 2020-12-19 09:28:44 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-10-04
MD5: 0bbadda5e09a2ba60335dcafc7e9c8df
SHA-1: 11793f369f0b3b8eed1c5249a3e709d73a4afaee
SHA-256: c4578a242d119507e1c8d974791b4638075210f717cfb337e2abcb98986dbc62
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7492

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical; CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (severity: info; PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info; EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.