MALICIOUS
82
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.001 User Execution: Malicious Link
The file is a PDF document that contains multiple embedded URLs, some of which are associated with phishing lures. The heuristic SE_CALLBACK_LURE specifically indicates that the document prompts the user to call a phone number in a context designed to deceive them, aligning with callback phishing schemes. The ClamAV detection further supports its malicious nature. No scripts were extracted from this sample, limiting the analysis of its execution behavior.
Heuristics 4
-
ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
-
Callback phishing phone lure medium SE_CALLBACK_LUREDocument asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://sacredandsovereign.com/uploads/1/3/0/6/130620509/bbf6118.pdf
- http://300wyandotte.com/uploads/1/3/0/6/130605387/971a8935.pdf
- http://kbkornholegames.com/uploads/1/3/0/6/130621956/vuzagixepisi.pdf
- http://impeachtrump.org/uploads/1/3/0/6/130620801/nuxaka.pdf
- http://trentriverdesigns.com/uploads/1/3/0/5/130588624/130588624.html#sustainability+report+bca
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00000fcc.binf75921abb3b1fd4fb396e9d6ce90abee39cf071fcd5bc2d934bfa7e6ea46130e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFCC | 8156 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.