Malicious PDF — malware analysis report

Static analysis result for SHA-256 f59609669b86513a…

MALICIOUS

PDF

Size: 58.4 KB
Created: 2021-03-17 06:15:55 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-07-07
MD5: 8b4008ef9ccc3eb11d0bccd3a720e151
SHA-1: e21178deec6682847df70b21c84d66b9a508d2a3
SHA-256: f59609669b86513a666f409c8e7a08b3c1b0c7e8d9806d018faf00c0f6361e29
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is identified as malicious by ML classifiers and ClamAV, with a high risk score. It contains an embedded URI pointing to a suspicious domain, 'xezojetit.ru', which is likely used for phishing or malware distribution. The document body, though heavily obfuscated, suggests a lure related to downloading a 'biblia cristiana pdf'. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9907

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://xezojetit.ru/award?keyword=descargar+biblia+cristiana+pdf (PDF link annotation)
    • http://pixuvuxojatob.iblogger.org/coordinating_conjunction_practice_worksheets.pdf (In PDF document text)
    • http://bojapebonan.22web.org/sijike.pdf (In PDF document text)
    • http://bachanalytics.com/present_perfect_simple_exercises_3o_esoi786x.pdf (In PDF document text)
    • http://lovelyhouse.online/bhaiya_bhaiya_malayalam_full_movie45s0e.pdf (In PDF document text)
    • https://uploads.strikinglycdn.com/files/cf7b910a-b368-4a99-b6ff-c384b4e479a4/wizards_and_warriors_3_nes_cheats.pdf (In PDF document text)
    • https://uploads.strikinglycdn.com/files/a81431de-db29-495c-ab5e-5b4a721e72b7/zejujelupebe.pdf (In PDF document text)
    • https://s3.amazonaws.com/jikopot/jibexupovaxafarovigej.pdf (In PDF document text)
    • http://movisupe.epizy.com/zumikajesatesu.pdf (In PDF document text)
    • https://uploads.strikinglycdn.com/files/424d7021-48ea-4660-b0ed-1e143c910ab6/22340180234.pdf (In PDF document text)
    • https://uploads.strikinglycdn.com/files/324f1dab-98c1-4483-8a4b-f54ee8537c0a/diferentes_tipos_de_organizadores_visuales.pdf (In PDF document text)
    • https://s3.amazonaws.com/votuweroxigezog/guest_relations_coordinator_job_description.pdf (In PDF document text)
    • https://uploads.strikinglycdn.com/files/92fc6790-a2c5-466d-8196-623ae597fdcd/xidawar.pdf (In PDF document text)
    • https://s3.amazonaws.com/desekusoxi/tajufonatozelumu.pdf (In PDF document text)
    • https://uploads.strikinglycdn.com/files/8747e086-61f1-483c-b7bb-17a3572be85b/jumanji_epic_run_mod_apk_1._4._0.pdf (In PDF document text)
    • https://s3.amazonaws.com/fukepez/cch_axcess_manager.pdf (In PDF document text)
    • https://s3.amazonaws.com/wewiro/b._ed_online_form_2018_odisha.pdf (In PDF document text)
    • https://uploads.strikinglycdn.com/files/e8eb4174-5f4d-4fa2-9b1c-7c1877edf7b8/59545425558.pdf (In PDF document text)
    • https://s3.amazonaws.com/tofizo/nokia_beep_ringtone.pdf (In PDF document text)