MALICIOUS
Risk Score: 102
Malware Insights
MITRE ATT&CK
T1539 Steal Application Data
T1059.001 PowerShell
The PDF document contains numerous external links, many of which are numerically slugged and hosted on unrelated domains, suggesting a link farm for SEO poisoning or phishing. The document body explicitly mentions 'Online pan card submit sbi bank', and a critical heuristic indicates an 'MFA / one-time-code harvesting lure'. This strongly suggests the document is designed to phish for credentials or session tokens by impersonating a financial institution. No scripts were extracted from this sample.
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- MFA / one-time-code harvesting lure (high, SE_MFA_LURE): Document asks for a one-time code, authenticator approval, or MFA confirmation — consistent with credential phishing kits that steal session tokens or abuse multi-factor authentication.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00007353.bin a41e189c5bc8ce005c38e9e2b5129abc0f57a5abc0196127ff70c01b3752082d | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7353 | 7548 bytes |