Overview

overview

10

Static

static

10

dabapkapka...ka.apk

android-9-x86

1

LenovoSafeBox455.apk

android-9-x86

1

LenovoSafeBox455.apk

android-10-x64

1

LenovoSafeBox455.apk

android-11-x64

1

busybox

debian-9-armhf

1

toolbox

ubuntu-18.04-amd64

LenovoSafe...15.apk

android-9-x86

1

LenovoSafe...15.apk

android-10-x64

1

LenovoSafe...15.apk

android-11-x64

1

aresEX.dat

debian-9-armhf

1

athena

debian-9-armhf

athena_v2.dat

debian-9-armhf

c

debian-9-armhf

3

c_x86

ubuntu-18.04-amd64

1

competing_su

debian-9-armhf

3

competing_x86

ubuntu-18.04-amd64

3

cputest

ubuntu-18.04-amd64

firewall.dat

debian-9-armhf

godEX.dat

debian-9-armhf

injectso_arm

debian-9-armhf

injectso_x86

ubuntu-18.04-amd64

iptables

debian-9-armhf

libphonehook_armv6.so

debian-9-armhf

1

libphonehook_armv7.so

debian-9-armhf

1

libphonehook_x86.so

ubuntu-18.04-amd64

1

libsystemh...mv6.so

debian-9-armhf

1

libsystemh...mv7.so

debian-9-armhf

1

libsystemhook_x86.so

ubuntu-18.04-amd64

1

nb.apk

android-9-x86

nb.apk

android-10-x64

nb.apk

android-11-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dabapkapkapkapkapkapkapka.apk

  • Size

    7.0MB

  • Sample

    230710-w29ecacf76

  • MD5

    29183814f45616d831fdc139e3113718

  • SHA1

    aa47b601dd3a01cf0ec5e2e6da5c4f90c49ba71d

  • SHA256

    144778790d4a43a1d93dff6b660a6acb3a6d37a19e6a6f0a6bf1ef47e919648e

  • SHA512

    c255f6751e97692b4517c9a4d240393098c58e626e09b0d0189b81a8f6cd20967a2f15ce9d793fa8aec76246cafc7d9b2326bf06f6adbd547f458a7d04b17d1d

  • SSDEEP

    196608:pJVfGouCB8oMxqANNjYYUMLRoCRMggq2k+E9p+o3k:prf7uC/Mxq4YSLRowMPqj+E9Io3k

Score
10/10
pegasusandroidlinux

Malware Config

Targets

    • Target

      dabapkapkapkapkapkapkapka.apk

    • Size

      7.0MB

    • MD5

      29183814f45616d831fdc139e3113718

    • SHA1

      aa47b601dd3a01cf0ec5e2e6da5c4f90c49ba71d

    • SHA256

      144778790d4a43a1d93dff6b660a6acb3a6d37a19e6a6f0a6bf1ef47e919648e

    • SHA512

      c255f6751e97692b4517c9a4d240393098c58e626e09b0d0189b81a8f6cd20967a2f15ce9d793fa8aec76246cafc7d9b2326bf06f6adbd547f458a7d04b17d1d

    • SSDEEP

      196608:pJVfGouCB8oMxqANNjYYUMLRoCRMggq2k+E9p+o3k:prf7uC/Mxq4YSLRowMPqj+E9Io3k

    Score
    1/10
    behavioral1

    • Target

      LenovoSafeBox455.apk

    • Size

      927KB

    • MD5

      02297e27886d758b1f6892b5047ff9ff

    • SHA1

      bf03f835c42a8734d9d862741a235ea3491036ea

    • SHA256

      e0a9bdf5dc4481d913038e6509635b12d12016e820ecc58a5971be3bb72dcb2b

    • SHA512

      d9784281450f91cc32b4feadc0dbf8d76b10bbcf35e7dcd362bc940103317b4e8fafba9fa9dbe0b954d20478d700b92df4f661f53edc6022d67f3bcd85276c8d

    • SSDEEP

      24576:wtMiI2b4apsiko9W8C/2htK3JdFgdXlQ53RJ3J:5iD5pUoW8e0tqVgdXGhJ

    Score
    1/10
    behavioral2behavioral3behavioral4

    • Target

      busybox

    • Size

      636KB

    • MD5

      be6fd7449eedc37655014907277ce5b2

    • SHA1

      f43130897430b8edf6ce554f449c423f95acf01d

    • SHA256

      69200900765e997d2612d877e04b9d4c0450c8f57969f8b69617a3927c7e75b2

    • SHA512

      ce8be1743671f9abc8cdca07526dd7153418ef5c654955aff3b182ef9a6f8c293bd5d2f10fa19cd06c8b730eab9e8c8192889c145a26d6c24636408460d3463a

    • SSDEEP

      12288:WvQsHSiJTQp7CRwO216ssE+DI9IkH3Mn0cIGLRUwQ0D:nITQdCRw50PEX9IM3q02LSH

    Score
    1/10
    behavioral5

    • Target

      toolbox

    • Size

      43KB

    • MD5

      3429082ceb46a11ea4192aa90786ca01

    • SHA1

      d5d87f893f0c16bffecb9d0fd526d119b349fbaa

    • SHA256

      1a9a7a432ee0a58aae10c98747652692886ecfcbd7f58ed5f68ecc806a1a32aa

    • SHA512

      888bd00db2936a72b935bfb30a593a9dd6a28a277617a4980eb9529cedceb08d120addc769bc90d0a7adbc782e82729fdbbd01c4214c724b7113fd8dba2d1d1a

    • SSDEEP

      768:SrIESV1M8u2xSokJfO02heOkOybqVjFVrf3gR7KO2OZN5jYGPJ3tOOqFTFfI8tsg:jJGj2MDOlh90HR2mZNSOqfg8qg

    Score
    1/10
    behavioral6

    • Target

      LenovoSafeWidget115.apk

    • Size

      123KB

    • MD5

      12c89f415f86784edddeb18072f5113f

    • SHA1

      135c18ae3ca1878895391abe5bd69f858b73fb8c

    • SHA256

      6972ef902f648ec405adec1a8ac2843048fe269e0570cfa71379545d9b0fbe77

    • SHA512

      8c4e31290a966db551ae53ca720247779929f2e6ab93166bdd11ba46d6872d328e2670ce2ebd56f95bcbe225f821a4c07856aed9f5ccf677b2876bec1c3cbff0

    • SSDEEP

      3072:znyleVG+yjnp0qWhjKJE0hil5uBl1n8HFZAhCWij:IeM+y7iXWJEyvIz

    Score
    1/10
    behavioral7behavioral8behavioral9

    • Target

      aresEX.dat

    • Size

      6KB

    • MD5

      a10e4e703934855c7e7fa0bc4c25bd9e

    • SHA1

      ba364a24fa49c89c2c3a99099c195e315970f86b

    • SHA256

      b855182829174adb5ff9659d41873d0b2fdd41297364d3c54b5950de83f369fa

    • SHA512

      4020e87030144508136dbad4a4a4850fbf317289e44410676bb6e053a81e652fa08d8f525911192194293344ede4a9545b443344c6d8db24ec53e14bfa36fac8

    • SSDEEP

      96:pnRvrrTcR1Y7dAC8oS0qIlVC90E12ORuzpsnzIPcROLJYAPduDu:1ZvmY7dX8YPCe82auzCzIPcRoVu

    Score
    1/10
    behavioral10

    • Target

      athena

    • Size

      15KB

    • MD5

      ecdc910442504e90baf7a5645645344e

    • SHA1

      6185224f5005808a79a392f221af7075f7f3c99e

    • SHA256

      46d3af4a4fc7d365a81bc7d5c3227c6c22fab2bba83f8add28d8237d3f18bcee

    • SHA512

      7726224ba44e74b19448174b7d6dadfef6eeb76f832416df6350c6e0949ee3017561ae00113d246ce50fa0a2c03c9f2b5f923a577a3df62b04de7cd606c8e384

    • SSDEEP

      192:YBZx+GEdSKfznhVMTHLV0191EG10WLztXbcbl66vLXFxpw0yGA6NNhlCUJ0:Y/x+zHfzhVMTrVC1Ey/Ml5BE6NNjJ

    Score
    1/10
    behavioral11

    • Target

      athena_v2.dat

    • Size

      16KB

    • MD5

      69fd041875aec462bc3f83f001974d3a

    • SHA1

      6731c8d0cf17cb7cd404f44c95b5d661c9007881

    • SHA256

      105c4bb19f1293d88bd3a6fdc14613244a309a905f7609e59ccdfe2c3a587e31

    • SHA512

      3312e1cd1c63b87a4a87328e7e5eb1310e29761811245cbf49424bb2f6d7c4a23701556c7c9ede2c7c4c9ba0b2fc718a84dedd7dd8c87eeb8a02edfeb74cb2ca

    • SSDEEP

      192:zfOtTqw5FxAIk4rhRab3+A5LitX6Bkl66fGXFxpw0r9Dx5uAJJM231Us:zflwhA74rhRH3XlMBZ6AJJM2Os

    Score
    1/10
    behavioral12

    • Target

      c

    • Size

      62KB

    • MD5

      f8583a513356ff6116a2e225c4f53651

    • SHA1

      4cd70539a45e6a7ad7a663b535d99f8b16ba0c49

    • SHA256

      b6ff34ace8344b2fe43fa2648c83538d4d5afbea5a1b0549249eb595886d5fb3

    • SHA512

      26a96ae1015173111ebadacdd82f12dfb661428a173734b339644a3aa03669b8dbe18ce67c3a86b58a35fa5648d28c9f72de39b3bace8db5cc5bfaab90422696

    • SSDEEP

      1536:p3CJO+rVG/2s/Vlhd9w/zvL5jNceSowKJFXQbws3jBrt6r:4XJG/ZVt9OT5jNcFFbxBrC

    Score
    3/10
    behavioral13

    • Target

      c_x86

    • Size

      189KB

    • MD5

      3fb58bafb06f7cb7df0888916e3a47e1

    • SHA1

      ffed744bebb24aeaadd16fc1e121421f1cf40210

    • SHA256

      a87a2799c1d7d25736e307e22b2262f8ebe9cb44b7b028c838885aacb91addaf

    • SHA512

      fa6f47c8f5b06e3b1280c90fa123d2348d830ea813d777e413d1b01c50c2bef19e608757335902373776bb88849f5149ee2ddf6c558b62f3909fe82ccf61fafe

    • SSDEEP

      3072:A8QhbufNPWqdNGqn/5Of8Fhb24jZ9j0Yx3+hW2utXZQzIj:5Qhbu19dNN/RF719jPcW2eZQzIj

    Score
    1/10
    behavioral14

    • Target

      competing_su

    • Size

      62KB

    • MD5

      865290b56c91a7b7a187356aa4f132e3

    • SHA1

      463e40dfd1cc18a7550cffe5c349f927bc10f5cc

    • SHA256

      e089e300e93ab156d91ea537b1e1ae78935b6448a3ef90a916bfafe60440e051

    • SHA512

      e14b6daf6439a2425474f5b62a44463ef215217d80783c12515a8add60ee44e94a04ea16faf8e9ece1de66bc0708e983ba6f3545ca817318f08e1020192136d7

    • SSDEEP

      1536:Mc3CJO+rVr/2szNgc97/hA8U4jNgYNXKE8JXLbwsDNBIz:MlXJr/Zj9lAT4jNg8KbDBI

    Score
    3/10
    behavioral15

    • Target

      competing_x86

    • Size

      197KB

    • MD5

      5c332069ede27cbf9fe19f9015676c19

    • SHA1

      db8cf8cd6c4c01a9c932046f4d46a0f030f1554e

    • SHA256

      c853b46d41d3dc8c93520a845e7f84bade3597f282e6893921b969d3ddc72599

    • SHA512

      014577690e790c4c880eb66b27eb569a3aa2e6dcee97a10777e95018a3fbf628a0c7ab85d8f665f7a9afc2020c3f32366af92a237ad8fbb5c3359a63ee9f6962

    • SSDEEP

      3072:aZ8VhvCl0UudCv51f+38MgaraJZcYatCRtXZozIj:BVhvClgdCB1HM4jBACTZozIj

    Score
    3/10
    behavioral16

    • Target

      cputest

    • Size

      2KB

    • MD5

      781d56e0f9c2ad6174fba1f7cacd7448

    • SHA1

      f66af2de1dfb0bb73385ec1863f79982b901a35e

    • SHA256

      f245b512183ac0a56b917c2f4b8642e499b36473f01e783df20f428c7c3e0964

    • SHA512

      9deb28e468106c92116365260514957890d2b85d35261911886ca1eec22b4c934df560caaa6090c197828cd138262c22b9d360913c9028ff2cecf05dc4751f54

    Score
    1/10
    behavioral17

    • Target

      firewall.dat

    • Size

      24KB

    • MD5

      3d50d9da6ba85d301c41ca359c610cf9

    • SHA1

      f5ae10c2ccdf13fc0d966b575eb65eb7ad65a7b1

    • SHA256

      123a5defb63cbe34b6cb817d4ed010079c34af20ec9952879f65a9d6078d51d5

    • SHA512

      04ac3fb26a123ae8ae97435f514248ce19aa23185d0f75516fecd2f4c121ca81ce97a1cb64936e88bd38b09d304cf0c08a4764e73adb7c042596d19633830041

    • SSDEEP

      384:tgiX0N4GLjqj+uODtsTxuRJE2Bdf1HEKueLzs7lhcFkpKKwtcfD:WisXs1mNuKyDcGstO

    Score
    1/10
    behavioral18

    • Target

      godEX.dat

    • Size

      10KB

    • MD5

      33a8ee81956edde822611eb8936b5682

    • SHA1

      f67f53c457ef2481e6d5d287fed50e552cd9463d

    • SHA256

      0d155b8f39c8cb39608c107d5a94e9454b017c230258c63ef4eeb2c510ac12e7

    • SHA512

      92311af995b3746c5cdb7c67235ad40066d2a0b5056742e9e45ff223eeb25c9399ff9765b04c92c7dce93318a24069021e75cae2efd2ca0dc4ca4df222dd4bad

    • SSDEEP

      192:qVsZnVtYsPcWR1Ncx9Us+n5UwWF2gBwo09Us:qcfEWRbcTU4wus

    Score
    1/10
    behavioral19

    • Target

      injectso_arm

    • Size

      15KB

    • MD5

      987a977f888d9fd21b2ebb9359d7c5cd

    • SHA1

      4fef24876c6f8f802a3e9d1f00e5dcf5ba29a10b

    • SHA256

      ce91097b856d14f3bedc4317c5ed4b0595f27fc78f9807b8bd88f3c895d28ac2

    • SHA512

      704e62b128abb7259377068ebbbff57156ea025e9fa47c5e19da8dfade90134f1c8b96c3122f45df499e12eb69c9fc8a7701c973e726c7c0891c3f7de6b5b4a2

    • SSDEEP

      192:/SEM5KYhSSm8v5SmAJdLMtXz9Rl6GQ0XFx1w0ccySZwaVl+sUq:w5pFcu3l5FnPIhq

    Score
    1/10
    behavioral20

    • Target

      injectso_x86

    • Size

      10KB

    • MD5

      554ad5ad7ed5c0cf3893548dc19d2b43

    • SHA1

      10466d2c4607f754ca4ed2521602554f09d0bfed

    • SHA256

      ad0efacc242298fe70a28220335fa16ccd879acf1d0009d6f0d789936457f066

    • SHA512

      702ed47d37d44d4240785ebf274766ff3601da805333717cfaae129e2cb3684e4c8d2535dc0046b19b486cc759df7b1013398f6cc978d0a9095d8cac7288695b

    • SSDEEP

      192:fQBEeMNC/eqZfUlAN5A8+SNTL1FLNe/Jc4icClsVSCSAVSmkSUSt/RcY:fFNC/equeG8HvaJFl3hkPMJ

    Score
    1/10
    behavioral21

    • Target

      iptables

    • Size

      193KB

    • MD5

      50e39f66369344b692084a9563c185d4

    • SHA1

      f183b6b09cef0ede5eec55ccf22d246f733f411e

    • SHA256

      d7e96b9389ecc37b15a998b615629ee24d2f6823f14dec13ffd3ad4313a72c69

    • SHA512

      0a0447386e2782ef14f5222bbb0384d76758b9dbecb3f11d147ef2b8f48281abe993f37d6d920cecdb4eeef02ce442b9a7b91e7a3e0a85788e131b73d25b40ca

    • SSDEEP

      6144:3vjxOOaXJIJXP1/x2TvZJ/70qK6m+7vj4R7:/jHaXk1JAI5qA

    Score
    1/10
    behavioral22

    • Target

      libphonehook_armv6.so

    • Size

      17KB

    • MD5

      1d9575e4c806153f36b66c0cbc139b19

    • SHA1

      46066018bd1f160a206b1f0179672f2cb95823b6

    • SHA256

      aacf849cadbf01c7fd3ea336e7dbd0589548be31219d33bd33452742af35b34e

    • SHA512

      2822b97afa1253017b5e1d77cd2ffd511784fa0fbaacd63e6f3ee5e656a6ec435e1a7a8bb34c5e4f87e402a2b750d25da54ce268a7ee64639e34d66a0f4e5584

    • SSDEEP

      192:rUPn0L7mtS9UCSUpRwEmYPivtXSeMMUYdv538gEld/HEp0r4dY1MXRz6IAbUZrG0:55TPqtXBMsFElBd1MXJ6IAbUZrGvMRL

    Score
    1/10
    behavioral23

    • Target

      libphonehook_armv7.so

    • Size

      17KB

    • MD5

      b3171b88ae90ae65b7e6b99e730f786b

    • SHA1

      4505fba0101d928f5291591404246a5d8d52f883

    • SHA256

      a1963a6e648db1f95f662aefd53b664d6789a37ecdcb0ff54942825528a7f3d0

    • SHA512

      18035996afa7734324fdfa7924b4dd67415a303376553d58f50b8259e661e2821d09a7105cd08229657a4909cd094f60728a89ed23e7c948ccc7f0e48c4c3eb3

    • SSDEEP

      192:dCeYbVuyt07KLSCtJQapb94ijOiZXHHNmtgkim0uEkIQdyCHQD3XelEDl4rykUbF:6WiTpHXmLIQ8+QTXe64rykUbAI8Wgn

    Score
    1/10
    behavioral24

    • Target

      libphonehook_x86.so

    • Size

      30KB

    • MD5

      5b08c61c524ce4a0e5f88b7b115fd84b

    • SHA1

      b2b7375397945a49f016b15ad7aa425023145390

    • SHA256

      cf477847bc74fa0046d04ad692909bffb3110ee66feed786e883866a485a4d86

    • SHA512

      07b492f91333cbc5cf8d0bf80229dad8a2e85d7868c3bca54980443dcad0be425226846018afe27b2483a67fa71fd8ecaf1fd0bd3addffa49e5fbf6017b97198

    • SSDEEP

      384:XoOXMggTjNltlCxB/0mbYa+/hz1jHCUohduzYr4uqDv6IUjEtrcu0bNqHl:X5MfTRlHCxt1MlhhTCUYiM4nxINU

    Score
    1/10
    behavioral25

    • Target

      libsystemhook_armv6.so

    • Size

      21KB

    • MD5

      ec6192aac7b0976f886b91372eee8b18

    • SHA1

      da4cb8ea224bc523aa0c5b66579250d71c0e467a

    • SHA256

      0d71fce4b0a6f6efc62d7152a13e79ef7c0668700418f385d31fd9b8bd848c8f

    • SHA512

      87d8a3f1ba9a4aca66ec9fffea54690968b7844f52a8deaa2d077413677b1b06a98708a960d907cf6f62eb8c83183f91a3d9e7c934dd34fa505fd7b5096ce4c5

    • SSDEEP

      384:AlkqwU+QbPG0M3wIsaVITfjQx8iGR4/EDon:PqG7gTkOon

    Score
    1/10
    behavioral26

    • Target

      libsystemhook_armv7.so

    • Size

      21KB

    • MD5

      58f22f3b22dac385f678a0e603e87cf3

    • SHA1

      93edc814cb19c25279f952b9cd30a977b5d5f4e5

    • SHA256

      ac52c81342d8c5a300e852b5a3b1f9b3fba6767a33cb31f000d57da16c1d9d54

    • SHA512

      8a648b46e84eb587271b4fe7a4e6528f9c50409da9175e5b97ee165cd5573b31ab89e7fa5f51e8286b209a3deca6e9d46eb30e10e3acb25ccf4c6ff6c6b5f13c

    • SSDEEP

      384:57rMyQY8divXsE1xz0/YNIohBblsmrgPMNJOlI:5Pxz0URhsmg

    Score
    1/10
    behavioral27

    • Target

      libsystemhook_x86.so

    • Size

      35KB

    • MD5

      b2767e855c87d48d20ea713495d7a965

    • SHA1

      7b4cec58e53a830a624ed342303849430b131688

    • SHA256

      25f8ea576c0a475d6399e50c93c1b0a525845af5f3a80e7adcde430dfc468727

    • SHA512

      b7685f472abf3ffbe4e6c664890c3e182ef390f4870c16efc112f48aec35867be33725d02dbbcb0f2b9fed0ff46398c2934afb540fb6ea74d40e446bec5e7127

    • SSDEEP

      384:lLKNa+Q85dypggTjNltlCz5Y3moXPnWaqEPLwTasG3vrItIC+ubYkRtRSQLMQLN8:loepfTRlHCi2oRZcTaxvEtSkPu

    Score
    1/10
    behavioral28

    • Target

      nb.jar

    • Size

      3KB

    • MD5

      3c70f55ea42070b6e646c590d2101106

    • SHA1

      9ed7c23fabc5d7477cb9d2900bb4e321566ae9e2

    • SHA256

      d31f20333a7eec385e5142196ee67ff5aaf44130b536e317a998507659ea3d15

    • SHA512

      288528f8af46e5d182c9916346ddd17b5a1c2002de0e3edf205153a4b3b129bb253ba39ee151eb56a76bc1ea82a41376dd830578e330c9fc472ad2bcdcd720d0

    Score
    1/10
    behavioral29behavioral30behavioral31

MITRE ATT&CK Matrix

Tasks