pegasus | ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5

Analysis

max time kernel
39s
max time network
73s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
29-08-2024 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

i6Dvnpc68OqGVFdMWyc1rTEeVbKR6J6d.apk
Size

257KB
MD5

7c3ad8fec33465fed6563bbfabb5b13d
SHA1

e5920f3723e62e1850157f09baf556006bf80f74
SHA256

ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5
SHA512

75da7c118879d9430fb13c5a51d76e1278f0c1474d5cc25c4b9684b7d8c0f93b2e44584eee0f8b0d12016bc1efad367b45ff9ca5609853ae345b6d802ff63d10
SSDEEP

6144:OiJF1SCwcTjQGPihLcfUmu9XuS0nbkDIyTkRJ0P1d41RiFV1iFuU:OqF1VHzqLcfIJ4bqIeP9d4jkKFuU

Score

10^/10

pegasus collection discovery infostealer persistence trojan

Malware Config

Signatures

Pegasus
Pegasus is a commercial Android spyware first seen in 2016.
infostealer trojan pegasus

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.network.android

Reads the content of the browser bookmarks. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://browser/bookmarks	com.network.android

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.network.android

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.network.android

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.network.android

com.network.android
1⤵
- Reads the contacts stored on the device.
- Reads the content of the browser bookmarks.
- Reads the content of the call log.
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4258

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Data from Local System

T1533

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.network.android/databases/NetworkManagerData.db

Filesize
16KB

MD5
b1b07690091ef56446cb1e2105e92d78

SHA1
a7c2ff91432530df5e42131b557029d481f5f44e

SHA256
2cbd6c123ba0396b016401cc9590cf6b7ce23538f57398e34615cdd614bda3cb

SHA512
89f4f33b7cd99eb06c1ee71baba6724ac1297f006789070f4bb1441f0de113ad7685995884f47356f8bcfeb559c4e7d57d2dc2fc4321bda21208a87b1ba0bacb

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
512B

MD5
2134656e56ebdc7111b15118afdc302f

SHA1
ac4094d918b71246a7f7e8d24298668760ecb1b7

SHA256
7993c615c277d5a539eefdd78f211e8668635bc35eb54f6836556da117736584

SHA512
e136adb8103b361b3b38be07afc938c52692f46bf1bfe55931e40c998f8c1f2f8cead6786958eb1dd6b532090a55f5c82f5498ed8d35d71ce566e12ee190fd72

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-wal

Filesize
28KB

MD5
22ee9f5540dd76399d93476b92990419

SHA1
e4aaa29c83b63858db24c13fbd58afa3984a3e69

SHA256
f202a996cf98c5e2ac488b8836fe414f54a7fe659e65e56089d625207175d18b

SHA512
2a227ff7587302251738efdaf828afe8bd852ddcfb5d495672ebde95d0075ffa4cb9e4d847b32dbc312f5120739ed34196d75cee92f3495717dd35da5ae6fa50

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
d32d632eec3b324fc0c9d21aa822031e

SHA1
2bac58d2bd0c09e48cc21627f2960fa19d48dc36

SHA256
d2e87eff3ef8b1a96daedcbab0b0d42bc28f52bdce0b4fe14dd787eec0308ddd

SHA512
37d11af350742dbe7e66afabebdf361ba837f801d30bf438fb8184ab5b6816ed77f9061ed3358129e3dd13c36584bb5edee991950ad8deff826df924715a11f0

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
65ac5109445fc363fe4595c9f7c3031d

SHA1
f88895a050a7a2facfddd575012fb41cf11bc5bc

SHA256
77408338fc3dd8114a045ac87aa238b1a63e369d2112d71630b9ad20525f80ce

SHA512
7b7846d9ed95913b5d943d4d8b1b47ed5b2c54bb9334e101d7cba24eb4c372bd1b6069bc546be4a53971350661570140e763fe2d1c2cbdd92ef63706ac0b72ef

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
925ed3b8c1286affaa5bd3f36a6f244d

SHA1
0e92a5167a2a17d6814b3a1f5fedfe095d4214f2

SHA256
b6707eb3f2d246bbfe797ae7bf2f1616f5506b1c9103434a49d17a6d1984fa1d

SHA512
e71514749296a99da4b4bf37f8ac85a190ac56aec1faf14d30b132a303b00734a14446801f17eeee0fe5f4f490028386437614d370883f1fa7d7733ae2d75786

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
df5ab1da3b497852173cccbc2f649582

SHA1
b0853069953d89fe18510f1df071691d91d770c9

SHA256
1c35f5d5cbb4a7a166e85ba74320dae1975debc9f3f11ddbedf892df3e194539

SHA512
0f6153c985c72282cfac7760f8c2da6dd84f940768d6078db8f44606ab74fb5f4d74fc82e3b9ffb0475a348b0e9014a6dce6831ef531c1963a3596d20e801ad3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads