pegasus | 6119f226c79c0e1a34106c08a174dd55de90d6c4160ee0bd6d589a504c42d8d1

General

Target

c7d89216e74edf933ce8f5a467e9b245_JaffaCakes118
Size

10.8MB
Sample

240828-3h76hasbrg
MD5

c7d89216e74edf933ce8f5a467e9b245
SHA1

3c4f5437fabecbb4b747896b0161f21c33f71122
SHA256

6119f226c79c0e1a34106c08a174dd55de90d6c4160ee0bd6d589a504c42d8d1
SHA512

8f7c9623f60019e2fe209806700a1e0b0a91e3d448400a081f558c9769ff18ac3e82116305a5d5be788f9d824d559c604b6870dffd38d31258ea53dd1dfcb32b
SSDEEP

196608:bjH9Cno8MNlQstqztOuYe7iPDRsUdB8GOxUviNISmkxoIlThOIYJnbS352sE:bjdCKlQsAztOdJdvK6SmSYU/E

Score

10^/10

Malware Config

Targets

- Target
  
  c7d89216e74edf933ce8f5a467e9b245_JaffaCakes118
- Size
  
  10.8MB
- MD5
  
  c7d89216e74edf933ce8f5a467e9b245
- SHA1
  
  3c4f5437fabecbb4b747896b0161f21c33f71122
- SHA256
  
  6119f226c79c0e1a34106c08a174dd55de90d6c4160ee0bd6d589a504c42d8d1
- SHA512
  
  8f7c9623f60019e2fe209806700a1e0b0a91e3d448400a081f558c9769ff18ac3e82116305a5d5be788f9d824d559c604b6870dffd38d31258ea53dd1dfcb32b
- SSDEEP
  
  196608:bjH9Cno8MNlQstqztOuYe7iPDRsUdB8GOxUviNISmkxoIlThOIYJnbS352sE:bjdCKlQsAztOdJdvK6SmSYU/E
Score

8^/10

banker collection discovery evasion impact persistence
- Checks if the Android device is rooted.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Reads the content of the call log.
  collection
- Requests cell location
  Uses Android APIs to to get current cell location.
  collection discovery evasion
- Domain associated with commercial stalkerware software, includes indicators from echap.eu.org
- Queries information about active data network
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Reads information about phone network operator.
  discovery
behavioral1
- Target
  
  UPPayPluginEx.apk
- Size
  
  749KB
- MD5
  
  d3efba2691f9bbeed1933fb6a744fd63
- SHA1
  
  7d29874eb2191292963ec69d9238678e0600ec10
- SHA256
  
  391b81b1be13d3ab3caec5492787491da6594e51fe28752c6e6cc3ad7a6a5785
- SHA512
  
  26776ec762579db47fc4c4ebbba4435750b3dffda52e71209934586f0edda442b07f3787a569f5b1e1b808789f57abcaa1e467a4a4ee422c150591ebde5d206e
- SSDEEP
  
  12288:AdBQNmgx/FUk3ee4BunZ49fS9+gNOhz/dTbjTLME7pjowOkcN/6kIUXThJRkV+hz:pNTx/FJexgn4Emhz1THfMoowOkcNCklb
Score

1^/10
behavioral2
- Target
  
  alipay_plugin_20120428msp.apk
- Size
  
  286KB
- MD5
  
  4a89d8a1da67ffb789e71dcced41a691
- SHA1
  
  b72bc1d8920ed03c8bfcb8e431169f4508e71976
- SHA256
  
  5dab6575a279591032487cd2b8e428f7a90ac8b1fc4eacee245522feba2b2039
- SHA512
  
  a09342efcabc691c9efdf256c93e3f326d6785c7b2d6c1d4d12dfbdb676f544fcaa08ca373a550faebe3cdab2b5f82781e28cbf5f4779c3905851876eddc95d3
- SSDEEP
  
  6144:OV/Mo6jF1cM8qgmgMPE8fRsrYQ0d0ROgE8XF2Q9WDBRa/dEW7BhDJUK:OVWjFiCgxmpsrYQ0uR48XF2Q9W1R1Wlv
Score

1^/10
behavioral3 behavioral4 behavioral5