93d421b18af345591cb8b3fc3e995f5a9e78221deb0fa1e0474b2b942623d5b6

Analysis

max time kernel
122s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
22-05-2024 11:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

appp.apk
Size

4.4MB
MD5

33e4245b47968b28a760e6bcd4e5b08a
SHA1

4c131ac68de034a5d7d019925228d038794b4f87
SHA256

93d421b18af345591cb8b3fc3e995f5a9e78221deb0fa1e0474b2b942623d5b6
SHA512

806131af5b39066c3f230a6cb1fde20e178febac2d2483d97509ae161c119c4bda93666fb501690201a8ff34dff0c34158d4e238ae61e6f34e0f9010a680be12
SSDEEP

98304:+Wrk8fHunRhCNkweD/YZQXnqyK5tJhAnEF6joPpgKidfXZFFVtcUuxFKKo9:+WrZfOn3CSYEqyQJpLd+Xlvcs19

Score

7^/10

persistence

Malware Config

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.sistemapegasus.pgsmobile

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.sistemapegasus.pgsmobile

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.sistemapegasus.pgsmobile

com.sistemapegasus.pgsmobile
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4271

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sistemapegasus.pgsmobile/files/parameters.json

Filesize
26B

MD5
e142226b21e2dc8df43f8d339bcb1a93

SHA1
362a9f77a62af474a42cf2f641497d248fa68f1f

SHA256
b48d0c107d2a2eb3c3c6ea368e0f5140be15cedc97ca28fb6f99dfd7eda3c038

SHA512
c1be5f81b790417a8d6ac55572d03cf813cbb523dd601ec09b7c5bfc1aa69cc38cc2e6558897a66ee4cb9d8d2114d1897da1b4c6027e3e9501c44d700eee1f04

Download Submit
/data/data/com.sistemapegasus.pgsmobile/files/parameters.json

Filesize
76B

MD5
fb9488ad10b8cf6d146cf88d273e0872

SHA1
2d2177f36f64ef63fa0977e312e4db4dad7cbcd4

SHA256
0e0ccc3eb67c8e8ad984dfea24733d9d7ddc6eaf52da4f25e34c3165dea37c14

SHA512
7f68897a1490617bb68831fbeaae82ab7a87db601c4c8f52e292729b705e78f9bb8ac56658a3833794fa21aae560e83b9e983933cc4b157f9ba0a4bfad3f233e

Download Submit
/data/data/com.sistemapegasus.pgsmobile/files/pegasuspedidosmob.db

Filesize
936KB

MD5
bc89434270b2c1420b1977fd478f81d0

SHA1
7035c7ccdd56b74ba0aaccdc3030725387700119

SHA256
1f521b2e833a0278f287606e87f402818cb05bfae9907ef042c15c0f966a7a86

SHA512
6a6e5245efccfd98cb326697c0f5d5e0906098e722e1773c9f83f00f7e166ca86318c98615fba268a447bb951f64683fa8bce87581809dc478a47ba83ae6c3db

Download Submit
/data/data/com.sistemapegasus.pgsmobile/files/pegasuspedidosmob.db

Filesize
4KB

MD5
6108783ffc9223052b7f2a45047d86eb

SHA1
88c2b26e50fc82117b4f75af8cbfdcb628805765

SHA256
addaa33114268f8da7799dd9e4caf99bc4dc158cdcaa43c2d7891b49b196a47a

SHA512
bea40dd3d504a8b3eb75bfde30c6d16a81c6f459b31c72b477506adad629432b01fe79b4f547c04346cdcb2269e90059b20db6473db103fb7a1dc7a6124bbf99

Download Submit
/data/data/com.sistemapegasus.pgsmobile/files/pegasuspedidosmob.db-journal

Filesize
4KB

MD5
5927ecef9af8904bbcdc50d8ea632fa4

SHA1
a02f145893d0a4c6b465021145480d8192f03995

SHA256
99a110876d46c8da271dd1360407bf7f2a1d1d6564856339a383e3a9f9229365

SHA512
1a9f2ecd633944bcb2c113262269d276f5539c2eb90c437cfde77536ca8706db627aaeba8af0ada9668c43cfc43ce4d6853e9ee93c1a64f1a91c71d2ccc57b6d

Download Submit
/data/data/com.sistemapegasus.pgsmobile/files/pegasuspedidosmob.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/storage/emulated/0/.pgsmobile_NO_BORRAR.raf

Filesize
30B

MD5
fbee88d44ca8a5f7c4bba1877190ac02

SHA1
fe7dc4f58e96bcc5a3fc42a4f15f712a2f43c48d

SHA256
83d8025611ffc8c9e7bc3086e3b541bfd2f6b80e5c443e545349ed629f356477

SHA512
fb984b9de18bc0e68b4a9e2aabba08cbe46e4c5c1b4d7af775a70f6588d35864ab225d7c8770d16ad09d6d5a209475eb210249642cf39570c54d38b81d950135

Download Submit