Malicious PDF — malware analysis report

Static analysis result for SHA-256 f630d18bedb17e47…

MALICIOUS

PDF

Size: 44.9 KB
Created: 2021-03-14 06:34:58 +02:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)
First seen: 2021-09-18
MD5: 2cccdbc06cdd0ed48486e7c550b118dc
SHA-1: 386150e2dd3b66b9d65ee81beeae266d9abb40cc
SHA-256: f630d18bedb17e471e914a5be452688c95ee424832fed55f7bea259d0b292c9f
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7829

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.