Malicious PDF — malware analysis report

Static analysis result for SHA-256 e50c5a3848cccba4…

MALICIOUS

PDF

Size: 48.0 KB
Created: 2021-03-29 16:49:49 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-23
MD5: 8cab3e35181893c524bb2a164bd46a63
SHA-1: ca0810872e675d0bb7bb17041653c06d58be9cf8
SHA-256: e50c5a3848cccba42cc9d36844d69cb921c9583bcbc39abb9615861824390c6a
Risk Score: 124

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7596

Heuristics (4)

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical) CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • Small PDF is a non-clustered link farm on disposable hosting (medium) PDF_SEO_DISPOSABLE_LINK_FARM
    Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
  • External URI (info) PDF_URI
    PDF contains an external URL action
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://seumenha.ru/strik?utm_term=how+can+ahsoka+be+in+the+mandalorian (PDF link annotation)