pegasus | ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5

Analysis

max time kernel
179s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
28-05-2024 07:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c3ad8fec33465fed6563bbfabb5b13d_JaffaCakes118.apk
Size

257KB
MD5

7c3ad8fec33465fed6563bbfabb5b13d
SHA1

e5920f3723e62e1850157f09baf556006bf80f74
SHA256

ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5
SHA512

75da7c118879d9430fb13c5a51d76e1278f0c1474d5cc25c4b9684b7d8c0f93b2e44584eee0f8b0d12016bc1efad367b45ff9ca5609853ae345b6d802ff63d10
SSDEEP

6144:OiJF1SCwcTjQGPihLcfUmu9XuS0nbkDIyTkRJ0P1d41RiFV1iFuU:OqF1VHzqLcfIJ4bqIeP9d4jkKFuU

Score

10^/10

pegasus collection discovery infostealer persistence trojan

Malware Config

Signatures

Pegasus
Pegasus is a commercial Android spyware first seen in 2016.
infostealer trojan pegasus

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.network.android

Reads the content of the browser bookmarks. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://browser/bookmarks	com.network.android

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.network.android

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.network.android

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.network.android

com.network.android
1⤵
- Reads the contacts stored on the device.
- Reads the content of the browser bookmarks.
- Reads the content of the call log.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:4311

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Data from Local System

T1533

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.network.android/databases/NetworkManagerData.db

Filesize
16KB

MD5
b1b07690091ef56446cb1e2105e92d78

SHA1
a7c2ff91432530df5e42131b557029d481f5f44e

SHA256
2cbd6c123ba0396b016401cc9590cf6b7ce23538f57398e34615cdd614bda3cb

SHA512
89f4f33b7cd99eb06c1ee71baba6724ac1297f006789070f4bb1441f0de113ad7685995884f47356f8bcfeb559c4e7d57d2dc2fc4321bda21208a87b1ba0bacb

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
512B

MD5
4fec14ada0c077a01cd1dc9c8bf8e724

SHA1
abed38dd63fd766a8ca3a8fed3f717c18b19da77

SHA256
09df5b67086db2ae6d9e89ff88656c75c883f2136841a36d9628b7e457121c94

SHA512
1c55464e9f753b77657605f892665e10d9c0341601651d64f1505cd20506ad29ccb6eb6290e45aff2fbdab06af820bcf488951a8249a20c9ac95520d9d19425c

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-wal

Filesize
28KB

MD5
4268aa7d53071c321c687b6bc817bab6

SHA1
1f3a817d99b0cf10b0b843d5f87b35b0975e4119

SHA256
57ec117d041d8d007fd910a1a7376d2fd691dfc4ebcbc80a6c3099fb21a696fd

SHA512
eac76bf68bd38a25e73875a6a293ac24aff6ec3a7348324af2420f7c8374d5ee3a002b8d01e35e8e6cf5a0cae2f40e0211545f3e4c51ba514e97ef117430f119

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
9617f08fbb3b1436dafca4151169c9f4

SHA1
4d4aedf20d1eeb14c8b42bb0174e235981c7e1a4

SHA256
8700d63bcd2649600019c533ea0ced28f9423906164a53d6c096f91965a07669

SHA512
5cc3413aae211936158f93fca289ec823c72bcfc31b26126cd57c2df5cfb85db022dfb3dccc402d8c3333b2bbf21c94120828dd83eecb391c736a4dae16ec8b4

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
8053fc7e51042e70b5ed2cb35fbea2e4

SHA1
e4aafc9bca6f5e2a4be284ea40ba285800390dd8

SHA256
2145c8a74efe2508dd77b828addb8cfc095788a3d5edf07a016db535b4a2d269

SHA512
507bf86efb45b79ef13a94f5637a5a14504ae10fd9bf3676218e3915db62528cae15b67e9f3ef9d7b4d3d9400e8fe357abbb9f7de6d3d3c5753d9c979af08628

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
fc41761dee0988eafa32a1565447d421

SHA1
df79f6e3f4e404cb1cd027a3abdb1617b7ac84bb

SHA256
b64d901af64487892283b60bb1e850fe01000f8ca281069622719cc3e7ff10fe

SHA512
0417e9650e1eec167a0273c31d461c90fba9701e5b8d181938adfa967978e212a4ce4d6b0056c6b52d122f8626d3de738f2c671143f557bea5cb1e6c18e574bc

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
53b7fc75d74850f3b1982314c724aa7d

SHA1
4411acbb76061e35e730464d45212548ede8a1ad

SHA256
9d8f51823033a4e90ac704730babf67d385d770b25f90fdf9a5f867fc985aefb

SHA512
12f10afa110ff523164e19d0e4962b9ea80c3983671f00a6eba4c0acee2eeca5e027313d47e5c81a2e5dace2300b214e261c10d5382f353e97ca54480684bd50

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads