pegasus | ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5

Analysis

max time kernel
154s
max time network
131s
platform
android_x64
resource
android-x64-20240514-en
resource tags

androidarch:x64arch:x86image:android-x64-20240514-enlocale:en-usos:android-10-x64system
submitted
28/05/2024, 07:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c3ad8fec33465fed6563bbfabb5b13d_JaffaCakes118.apk
Size

257KB
MD5

7c3ad8fec33465fed6563bbfabb5b13d
SHA1

e5920f3723e62e1850157f09baf556006bf80f74
SHA256

ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5
SHA512

75da7c118879d9430fb13c5a51d76e1278f0c1474d5cc25c4b9684b7d8c0f93b2e44584eee0f8b0d12016bc1efad367b45ff9ca5609853ae345b6d802ff63d10
SSDEEP

6144:OiJF1SCwcTjQGPihLcfUmu9XuS0nbkDIyTkRJ0P1d41RiFV1iFuU:OqF1VHzqLcfIJ4bqIeP9d4jkKFuU

Score

10^/10

pegasus collection discovery infostealer persistence trojan

Malware Config

Signatures

Pegasus
Pegasus is a commercial Android spyware first seen in 2016.
infostealer trojan pegasus

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.network.android

Reads the content of the browser bookmarks. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://browser/bookmarks	com.network.android

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.network.android

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.network.android

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.network.android

com.network.android
1⤵
- Reads the contacts stored on the device.
- Reads the content of the browser bookmarks.
- Reads the content of the call log.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
PID:5116

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Data from Local System

T1533

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.network.android/databases/NetworkManagerData.db

Filesize
16KB

MD5
2839279a9a853a40909c1dca03d2337f

SHA1
03baa059604d878e22917202fd90fb5f7de635ce

SHA256
97c1943ed1e984e7af5d8c490197075b8e43af11568663abee7c61f4e2caf0d8

SHA512
bc63d7854eee474c97373a207031f7358bcb8330dcbab015cf2515e21728c0d0737fd3e452e3d4c4be2c52ff00a86a472592c540e374d3293141c425b276de56

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
8KB

MD5
088fff18d9680a34f5bd92e05af38b5e

SHA1
32074e52edff765a6ffa60d4d492587cf2a68edd

SHA256
55d27f9cc3807ab6ac4159020c624c23975477266979f57dae4e26c483a08ef6

SHA512
ff21a6683dbf01e7b2265d80d184e0fdc251b53e17a8914525bf35e326dae5f2f028768b3ea7ed4876fa35858cb3b71086221545c73ff9c0a1573c0d855d77ae

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
8KB

MD5
09cec5cfb4d6d3bbc59cf02e247db8dc

SHA1
7c8858f5aaf30d8b054cc3137ad438730bb27f0c

SHA256
1b0734d3c84f048de332010f863fdc30821a9bdd20962957f4a3efe9a69c21bd

SHA512
635e03d751e9bc28947b93d381c919c3a96a1a79ec60539b53b2a350ba91a05d4bc5444a0f41b51433216b299c2f087e587d4110384c1068c2ff25197040a0ee

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
512B

MD5
69cbf549034522556c61b19febf37491

SHA1
2e50c1ee5d81180d771d3c23eda0d68fb0f56ab7

SHA256
4a895af274a9933be32d1bd3832162ea4fd28695f236c4894d9caddad0715f2d

SHA512
63fe402781ea99638ef28d0ecf409e874907bcd95a5b2e15ea3b51535b9c75e555a43baf2960a102488172db9e6c3e959809b88a2d83946f768ce42fe6a93a3a

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
b77d2cf0f0c800f0b60a7370b310414e

SHA1
9d8cee938e6278b5bbe93eecea332849f6e91e9b

SHA256
353a7c96d49bbd52b1cd9add812cbd0a5851d79421ed479b2ed807bcff2ef46a

SHA512
aebbe572bd9a782dd58a3bb989ddf3cb12a6be03bc37ac2805e843145805d1545d92302908fa32b6c23334c44fa3ab47efe816bddeb7441d5828b74f9deb7ea8

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
8053fc7e51042e70b5ed2cb35fbea2e4

SHA1
e4aafc9bca6f5e2a4be284ea40ba285800390dd8

SHA256
2145c8a74efe2508dd77b828addb8cfc095788a3d5edf07a016db535b4a2d269

SHA512
507bf86efb45b79ef13a94f5637a5a14504ae10fd9bf3676218e3915db62528cae15b67e9f3ef9d7b4d3d9400e8fe357abbb9f7de6d3d3c5753d9c979af08628

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
fc41761dee0988eafa32a1565447d421

SHA1
df79f6e3f4e404cb1cd027a3abdb1617b7ac84bb

SHA256
b64d901af64487892283b60bb1e850fe01000f8ca281069622719cc3e7ff10fe

SHA512
0417e9650e1eec167a0273c31d461c90fba9701e5b8d181938adfa967978e212a4ce4d6b0056c6b52d122f8626d3de738f2c671143f557bea5cb1e6c18e574bc

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
53b7fc75d74850f3b1982314c724aa7d

SHA1
4411acbb76061e35e730464d45212548ede8a1ad

SHA256
9d8f51823033a4e90ac704730babf67d385d770b25f90fdf9a5f867fc985aefb

SHA512
12f10afa110ff523164e19d0e4962b9ea80c3983671f00a6eba4c0acee2eeca5e027313d47e5c81a2e5dace2300b214e261c10d5382f353e97ca54480684bd50

Download Submit
/data/data/com.network.android/pex.dat

Filesize
12KB

MD5
138d764910cb46a05b83d5af830dcfd4

SHA1
583dafb10cbfa0941821d9fe721b4a28498ae656

SHA256
0aa2c4123b0ccd2e11f3ea6bf425488da6b7db400745fb43e8563aa1d5f95731

SHA512
874b0c9745cb1446ae6e826e7888b08e1e7127b790bf3842093d16499175922a6305c7244c9b42a854cd7685bbe18d879cb057d59ed45bd30fd9dc11748e3584

Download Submit
/data/data/com.network.android/srcsu.dat

Filesize
8KB

MD5
f091e95aa696a326b4b948869fd3df78

SHA1
3e2b4a81bac630973a990ed1e9e0a973158a818a

SHA256
5f1c4d94b3c91704c3955b8954ce543eecb292da4a58b7c61e7592adcffa0f33

SHA512
0b5ed603ca79db5a98e2b4e24d98eecedc7bcdc660efb37241f9c3e40a68e9fab5caac53a1a4e3fb6cfd99ac40c0ab8acf63d4e5ff96c7ab03aebec4f87b35f0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads