pegasus | 144778790d4a43a1d93dff6b660a6acb3a6d37a19e6a6f0a6bf1ef47e919648e

Resubmissions

12-02-2024 12:17

240212-pgdnlsch81 10

15-12-2022 11:09

221215-m9fybsfc2v 7

15-12-2022 10:50

221215-mxl9kscb73 7

01-12-2022 12:38

221201-pvgbnagg49 7

Sharing

Copy URL

Twitter E-mail

General

Target

144778790d4a43a1d93dff6b660a6acb3a6d37a19e6a6f0a6bf1ef47e919648e
Size

7.0MB
MD5

29183814f45616d831fdc139e3113718
SHA1

aa47b601dd3a01cf0ec5e2e6da5c4f90c49ba71d
SHA256

144778790d4a43a1d93dff6b660a6acb3a6d37a19e6a6f0a6bf1ef47e919648e
SHA512

c255f6751e97692b4517c9a4d240393098c58e626e09b0d0189b81a8f6cd20967a2f15ce9d793fa8aec76246cafc7d9b2326bf06f6adbd547f458a7d04b17d1d
SSDEEP

196608:pJVfGouCB8oMxqANNjYYUMLRoCRMggq2k+E9p+o3k:prf7uC/Mxq4YSLRowMPqj+E9Io3k

Score

10^/10

pegasus

Malware Config

Signatures

Pegasus family
pegasus

Pegasus payload 1 IoCs

resource	yara_rule
sample	family_pegasus1

Requests dangerous framework permissions 23 IoCs

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to monitor incoming MMS messages.	android.permission.RECEIVE_MMS
Allows an application to read the user's calendar data.	android.permission.READ_CALENDAR
Allows an application to write the user's calendar data.	android.permission.WRITE_CALENDAR
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to collect component usage statistics.	android.permission.PACKAGE_USAGE_STATS
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.	android.permission.PROCESS_OUTGOING_CALLS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to receive WAP push messages.	android.permission.RECEIVE_WAP_PUSH
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to collect component usage statistics.	android.permission.PACKAGE_USAGE_STATS
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.	android.permission.PROCESS_OUTGOING_CALLS

Files

144778790d4a43a1d93dff6b660a6acb3a6d37a19e6a6f0a6bf1ef47e919648e
.apk android arch:arm

com.lenovo.safecenter

.MainTab.SplashActivity

Activities

.MainTab.SplashActivity

android.intent.action.MAIN

.MainTab.LeSafeMainActivity

com.lenovo.safecenter.mainTab

.MainTab.UpdateVersionActivity

com.lenovo.safecenter.updateAndPassword

.platform.AgainstTheftSet

com.lenovo.safecenter.AgainstTheftSet

.Laboratory.ForbiddenApplication

com.lenovo.safecenter.view.ForbiddenApplication

.Laboratory.GuestModeSet

com.lenovo.safecenter.view.GuestModeSet

.AppsManager.DialogActivity

com.lenovo.safecenter.view.DialogActivity

.safemode.SofeModeMain

com.lenovo.safecenter.safemode.SofeModeMain

.Laboratory.SafePaymentDialogActivity

com.lenovo.safecenter.view.LaboratoryActivity

.Laboratory.SafePaymentActivity

com.lenovo.safecenter.SafePaymentActivity

.lenovoAntiSpam.MainActivity

com.lenovo.safecenter.main

.antivirus.MainActivity

com.lenovo.safecenter.antivirus.main

.antivirus.views.FlashProActivity

com.lenovo.antivirus.gifmain

.antivirus.views.NotiSMSActivity

com.lenovo.antivirus.notice

.safemode.PrivateMainActivity

com.lenovo.safecenter.privatezone

.net.TrafficStatistics

com.lenovo.safecenter.net.traffic

.net.doublemode.NetSetting

com.lenovo.safecenter.net.setting

.Laboratory.AppUninstall

com.lenovo.safecenter.appuninstall

.shortcut.CleanAcitivty

android.intent.action.MAIN
android.intent.action.CREATE_SHORTCUT

.floatwindow.shortcut.ShortcutActivity

android.intent.action.CREATE_SHORTCUT

.lenovoAntiSpam.newview.WhiteABlackMain

com.lenovo.safecenter.manblack
com.lenovo.safecenter.manwhite

com.lenovo.install.InstallActivity

android.intent.action.VIEW

Permissions

android.permission.INTERNET
android.permission.READ_PHONE_STATE
android.permission.READ_CONTACTS
android.permission.READ_SMS
android.permission.CALL_PHONE
android.permission.SEND_SMS
android.permission.RECEIVE_SMS
android.permission.RECEIVE_MMS
android.permission.READ_CALENDAR
android.permission.WRITE_CALENDAR
android.permission.WRITE_CONTACTS
android.permission.WRITE_SMS
android.permission.WRITE_SETTINGS
android.permission.WRITE_SECURE_SETTINGS
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.BROADCAST_PACKAGE_REMOVED
android.permission.RESTART_PACKAGES
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_MOCK_LOCATION
android.permission.ACCESS_NETWORK_STATE
com.android.browser.permission.READ_HISTORY_BOOKMARKS
com.android.browser.permission.WRITE_HISTORY_BOOKMARKS
android.permission.FORCE_STOP_PACKAGES
android.permission.PACKAGE_USAGE_STATS
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.WAKE_LOCK
android.permission.VIBRATE
android.permission.MODIFY_PHONE_STATE
android.permission.PROCESS_OUTGOING_CALLS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.STATUS_BAR_SERVICE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_NETWORK_USAGE_HISTORY
android.permission.DELETE_PACKAGES
android.permission.GET_PACKAGE_SIZE
android.permission.READ_LOGS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.CHANGE_NETWORK_STATE
android.permission.GET_TASKS
android.permission.MOUNT_FORMAT_FILESYSTEMS
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.BROADCAST_WAP_PUSH
android.permission.RECEIVE_WAP_PUSH
android.permission.ACCESS_WIFI_STATE
android.permission.BATTERY_STATUS
android.permission.CHANGE_WIFI_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.BLUETOOTH_ADMIN
android.permission.BLUETOOTH
android.permission.VIBRATE
android.permission.FORCE_STOP_PACKAGES
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.WRITE_SYNC_SETTINGS
android.permission.DEVICE_POWER
android.permission.SYSTEM_ALERT_WINDOW
android.permission.DELETE_CACHE_FILES
android.permission.BROADCAST_PACKAGE_REMOVED
android.permission.RESTART_PACKAGES
android.permission.ACCESS_MOCK_LOCATION
com.android.browser.permission.READ_HISTORY_BOOKMARKS
com.android.browser.permission.WRITE_HISTORY_BOOKMARKS
android.permission.PACKAGE_USAGE_STATS
android.permission.WAKE_LOCK
android.permission.MODIFY_PHONE_STATE
android.permission.PROCESS_OUTGOING_CALLS
android.permission.STATUS_BAR_SERVICE
android.permission.SET_ACTIVITY_WATCHER
android.permission.WRITE_MEDIA_STORAGE
android.permission.MASTER_CLEAR
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
com.android.launcher.permission.READ_SETTINGS
android.permission.MOVE_PACKAGE
android.permission.CLEAR_APP_CACHE
android.permission.ACCESS_WIFI_SATAE
android.permission.BATTERY_STATUS
android.permission.BLUETOOTH

Receivers

com.lenovo.lps.sus.control.SUSReceiver

com.lenovo.lps.sus.ACTION_UPDATE

.platform.BootBroadcast

android.intent.action.BOOT_COMPLETED
android.intent.action.SIM_STATE_CHANGED

.platform.NoticeBroadcast

lenovo.use.permission.denied
com.safecenter.broadcast.openChildMode
com.safecenter.broadcast.openPrivacyMode
com.safecenter.broadcast.openGuestMode
com.lenovo.safecenter.view.DialogActivity

.broadcast.AppBroadcast

android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED

.broadcast.HarassLogBroadcast

ACTION_BLACK_MESSAGE
ACTION_BLACK_PHONE
com.lenovo.antivirus.notify

.broadcast.SmsBroadcast

lenovo.backgroud.sendsms
SENT_SMS_ACTION

.support.SMSCheckReceiver

android.provider.Telephony.SMS_RECEIVED
android.provider.Telephony.SMS_RECEIVED_ON_SIM

.support.OutPhoneReceiver

android.intent.action.USER_PRESENT

.support.CheckInterChangeReceiver

com.lenovo.antispam.blackperson.change
com.lenovo.antispam.whiteperson.change
com.lenovo.antispam.netperson.change
com.lenovo.securityperson.change
com.lenovo.antispam.blackperson..provider.change

.utils.updateLab.UpdateLabReceiver

com.lenovo.antivirus.updateresult
com.lenovo.antivirus.queryresult
com.lenovo.antispam.blackupdateresult
com.lenovo.antispam.blackqueryresult
com.lenovo.antispam.sysupdateresult
com.lenovo.antispam.sysqueryresult
com.lenovo.safecenter.Broadcast.updateLab
com.lenovo.antispam.signcallupdateresult
com.lenovo.antispam.signcallqueryresult

.utils.updateLab.WifiConnectedReceiver

android.net.wifi.STATE_CHANGE

.lenovoAntiSpam.support.SMSCheckReceiver

android.provider.Telephony.SMS_RECEIVED
android.provider.Telephony.SMS_RECEIVED_ON_SIM

.broadcast.SafeInputMethodBroadcast

com.lenovo.safecenter.safeinputmethod

.broadcast.UpdateTrafficReceiver

com.lenovo.safecenter.updatetrafficbar.broadcast
com.lenovo.safecenter.init.trafficbar

.antivirus.support.BootBroadcastReceiver

action.forcestop.antivirus
action.antivirus.init

.antivirus.support.AppBroadcast

android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED

.antivirus.support.alarmreceiver

android.net.conn.CONNECTIVITY_CHANGE

.net.support.BootBroadcast

android.intent.action.BOOT_COMPLETED
android.intent.action.ACTION_SHUTDOWN
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.net.conn.CONNECTIVITY_CHANGE
com.lenovo.safecenter.traffic.correction
android.intent.action.AIRPLANE_MODE

.support.MMSReceiver

android.provider.Telephony.WAP_PUSH_RECEIVED

.antivirus.support.DeleteSDFileBroadcast

action.antivirus.delete.sdfile

.broadcast.InputMethodChangeBroadcast

android.intent.action.INPUT_METHOD_CHANGED
com.safecenter.boot.safeinput

com.lenovo.performancecenter.service.object.KillAllPackageReceiver

com.lenovo.safecenter.PERFORMANCE_KILL_ALL_PROCESSES
com.lenovo.safecenter.PERFORMANCE_KILL_SINGLE_PROCESS
com.lenovo.safecenterwidget.RECORD_KILL_EVENT
com.lenovo.safecenter.clearapp

com.lenovo.performancecenter.framework.LeemCenterReceiver

android.intent.action.BOOT_COMPLETED
com.lenovo.safecenter.activityswitch

.mmsutils.PushReceiver

android.provider.Telephony.WAP_PUSH_RECEIVED

.Laboratory.SafeHomePageBroadcast

com.lenovo.safecenter.activityswitch

Services

.broadcast.AlarmService

com.lenovo.antitheft.ALARM

.broadcast.sendMsgService

com.lenovo.antitheft.SENDMESSAGE

.lenovoAntiSpam.support.DownSysService

com.lenovo.antispam.sysupdate
com.lenovo.antispam.sysquery

.lenovoAntiSpam.support.DownNetBlackService

com.lenovo.antispam.netblackupdate
com.lenovo.antispam.netblackquery

.lenovoAntiSpam.support.DownSignCallService

com.lenovo.antispam.signcallquery
com.lenovo.antispam.signcallupdate

.antivirus.support.dowmdataService

com.lenovo.antivirus.query
com.lenovo.antivirus.update

.broadcast.LockScreenService

com.lenovo.safecenter.lockscreenservice

.net.support.InitializeService

com.lenovo.safecenter.traffic.service.RTC
com.lenovo.safecenter.deletetraffic.service.RTC
com.lenovo.safecenter.updatetrafficbar.service.RTC
com.lenovo.safecenter.correct.traffic.SIM.service.RTC
com.lenovo.safecenter.correct.traffic.SIM2.service.RTC
com.lenovo.safecenter.notice.traffic.ui.service.RTC

com.lenovo.safecenter.aidl.killvirus.RemoteScanVirusService

com.lenovo.safecenter.aidl.killvirus.RemoteScanVirus

com.lenovo.safecenter.aidl.healthcheck.RemoteHealthCheckService

com.lenovo.safecenter.aidl.healthcheck.RemoteHealthCheck

com.lenovo.safecenter.aidl.usbdebugmode.RemoteUsbDebugModeService

com.lenovo.safecenter.aidl.usbdebugmode.RemoteSetUsbDebugMode

com.lenovo.performancecenter.framework.CustomerWhiteListService

com.lenovo.performancecenter.framework.CustomerWhiteListService
LenovoSafeBox455.apk
.apk android

com.lenovo.safebox

com.lenovo.lps.sus.control.SUSPromptActivity

Activities

.PrivateSpaceActivity

com.lenovo.safecenter.LENOVO_SAFEBOX

.AddAppActivity

com.lenovo.safecenter.LENOVO_APPLOCK

.VisitControlActivity

com.lenovo.safebox.VISIT_CONTROL

Permissions

android.permission.WRITE_EXTERNAL_STORAGE
android.permission.INTERNET
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.GET_TASKS
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.SYSTEM_ALERT_WINDOW
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.READ_PHONE_STATE
android.permission.READ_LOGS
android.permission.WRITE_SETTINGS
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.WRITE_SETTINGS
com.android.launcher.permission.READ_SETTINGS

Receivers

com.lenovo.safebox.PrivacySpaceReceiver

android.intent.action.MEDIA_MOUNTED
android.intent.action.MEDIA_SCANNER_FINISHED

.service.BootReceiver

android.intent.action.MEDIA_EJECT
android.intent.action.MEDIA_MOUNTED
android.intent.action.BOOT_COMPLETED
android.intent.action.USER_PRESENT

com.lenovo.lps.sus.control.SUSReceiver

com.lenovo.lps.sus.ACTION_UPDATE

Services

com.lenovo.safebox.service.WatchAppService

com.lenovo.safebox.NO_SERVICE

com.lenovo.safebox.service.MonitorAppService

com.lenovo.safebox.WATCH_APP_SERVICE
LenovoSafeWidget115.apk
.apk android

com.lenovo.safecenterwidget

.DownloadLeSafeActivity

Activities

Permissions

android.permission.KILL_BACKGROUND_PROCESSES
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_SATAE
android.permission.READ_PHONE_STATE

Receivers

.MemClear4X1

android.appwidget.action.APPWIDGET_UPDATE
android.intent.action.USER_PRESENT
com.lenovo.safewidget.memory.refresh
com.lenovo.safewidget.memory.entrysafecenter
com.lenovo.safecenter.PERFORMANCE_GET_KILL_RESULT
com.lenovo.safecenter.PERFORMANCE_EXE_SHORTCUT
com.lenovo.safecenterwidget.ok
com.lenovo.safecenter.PERFORMANCE_RECORD_KILL_EVENT

Services
nb.jar
.apk android

Android Permissions

144778790d4a43a1d93dff6b660a6acb3a6d37a19e6a6f0a6bf1ef47e919648e

Permissions

android.permission.INTERNET

android.permission.READ_PHONE_STATE

android.permission.READ_CONTACTS

android.permission.READ_SMS

android.permission.CALL_PHONE

android.permission.SEND_SMS

android.permission.RECEIVE_SMS

android.permission.RECEIVE_MMS

android.permission.READ_CALENDAR

android.permission.WRITE_CALENDAR

android.permission.WRITE_CONTACTS

android.permission.WRITE_SMS

android.permission.WRITE_SETTINGS

android.permission.WRITE_SECURE_SETTINGS

android.permission.KILL_BACKGROUND_PROCESSES

android.permission.BROADCAST_PACKAGE_REMOVED

android.permission.RESTART_PACKAGES

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_FINE_LOCATION

android.permission.ACCESS_MOCK_LOCATION

android.permission.ACCESS_NETWORK_STATE

com.android.browser.permission.READ_HISTORY_BOOKMARKS

com.android.browser.permission.WRITE_HISTORY_BOOKMARKS

android.permission.FORCE_STOP_PACKAGES

android.permission.PACKAGE_USAGE_STATS

android.permission.KILL_BACKGROUND_PROCESSES

android.permission.WAKE_LOCK

android.permission.VIBRATE

android.permission.MODIFY_PHONE_STATE

android.permission.PROCESS_OUTGOING_CALLS

android.permission.RECEIVE_BOOT_COMPLETED

android.permission.STATUS_BAR_SERVICE

android.permission.SYSTEM_ALERT_WINDOW

android.permission.READ_NETWORK_USAGE_HISTORY

android.permission.DELETE_PACKAGES

android.permission.GET_PACKAGE_SIZE

android.permission.READ_LOGS

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.MOUNT_UNMOUNT_FILESYSTEMS

android.permission.CHANGE_NETWORK_STATE

android.permission.GET_TASKS

android.permission.MOUNT_FORMAT_FILESYSTEMS

android.permission.MOUNT_UNMOUNT_FILESYSTEMS

android.permission.BROADCAST_WAP_PUSH

android.permission.RECEIVE_WAP_PUSH

android.permission.ACCESS_WIFI_STATE

android.permission.BATTERY_STATUS

android.permission.CHANGE_WIFI_STATE

android.permission.ACCESS_WIFI_STATE

android.permission.BLUETOOTH_ADMIN

Resubmissions

Sharing

General

Malware Config

Signatures

Files

com.lenovo.safecenter

.MainTab.SplashActivity

Activities

.MainTab.SplashActivity

.MainTab.LeSafeMainActivity

.MainTab.UpdateVersionActivity

.platform.AgainstTheftSet

.Laboratory.ForbiddenApplication

.Laboratory.GuestModeSet

.AppsManager.DialogActivity

.safemode.SofeModeMain

.Laboratory.SafePaymentDialogActivity

.Laboratory.SafePaymentActivity

.lenovoAntiSpam.MainActivity

.antivirus.MainActivity

.antivirus.views.FlashProActivity

.antivirus.views.NotiSMSActivity

.safemode.PrivateMainActivity

.net.TrafficStatistics

.net.doublemode.NetSetting

.Laboratory.AppUninstall

.shortcut.CleanAcitivty

.floatwindow.shortcut.ShortcutActivity

.lenovoAntiSpam.newview.WhiteABlackMain

com.lenovo.install.InstallActivity

Permissions

Receivers

com.lenovo.lps.sus.control.SUSReceiver

.platform.BootBroadcast

.platform.NoticeBroadcast

.broadcast.AppBroadcast

.broadcast.HarassLogBroadcast

.broadcast.SmsBroadcast

.support.SMSCheckReceiver

.support.OutPhoneReceiver

.support.CheckInterChangeReceiver

.utils.updateLab.UpdateLabReceiver

.utils.updateLab.WifiConnectedReceiver

.lenovoAntiSpam.support.SMSCheckReceiver

.broadcast.SafeInputMethodBroadcast

.broadcast.UpdateTrafficReceiver

.antivirus.support.BootBroadcastReceiver

.antivirus.support.AppBroadcast

.antivirus.support.alarmreceiver

.net.support.BootBroadcast

.support.MMSReceiver

.antivirus.support.DeleteSDFileBroadcast

.broadcast.InputMethodChangeBroadcast

com.lenovo.performancecenter.service.object.KillAllPackageReceiver

com.lenovo.performancecenter.framework.LeemCenterReceiver

.mmsutils.PushReceiver

.Laboratory.SafeHomePageBroadcast

Services

.broadcast.AlarmService

.broadcast.sendMsgService

.lenovoAntiSpam.support.DownSysService

.lenovoAntiSpam.support.DownNetBlackService

.lenovoAntiSpam.support.DownSignCallService

.antivirus.support.dowmdataService

.broadcast.LockScreenService

.net.support.InitializeService

com.lenovo.safecenter.aidl.killvirus.RemoteScanVirusService

com.lenovo.safecenter.aidl.healthcheck.RemoteHealthCheckService

com.lenovo.safecenter.aidl.usbdebugmode.RemoteUsbDebugModeService

com.lenovo.performancecenter.framework.CustomerWhiteListService

com.lenovo.safebox

com.lenovo.lps.sus.control.SUSPromptActivity

Activities

.PrivateSpaceActivity

.AddAppActivity

.VisitControlActivity

Permissions

Receivers

com.lenovo.safebox.PrivacySpaceReceiver