Analysis
-
max time kernel
7s -
max time network
37s -
platform
android_x86 -
resource
android-x86-arm-20240624-en -
resource tags
-
submitted
29/08/2024, 07:09 UTC
General
-
Target
lkrzfS7AOeznkk7w97TSkBKvDEGs8PmV.apk
-
Size
19KB
-
MD5
3a69bfbe5bc83c4df938177e05cd7c7c
-
SHA1
b6850881561265d89597d0d245b33dba3d7d3f47
-
SHA256
3474625e63d0893fc8f83034e835472d95195254e1e4bdf99153b7c74eb44d86
-
SHA512
491088a3494ee77401032171378a13c46a12e15dc29bdb3840d902ec8b11c084e84f2fc92aa1ae75bf2683b4fc05097cdf5389cd39c86e1547debd4ebf143586
-
SSDEEP
384:ricGiJTcFQZYNXNUsjjjdyDqFpciWb1snmhdbTOOIMC0lCgFQA1TjgJ23lxzOx:ricBJTcp9Uq47bimfTO68fJ23Pe
Malware Config
Signatures
-
Pegasus
Pegasus is a commercial Android spyware first seen in 2016.
-
Pegasus payload 2 IoCs
Processes
-
com.network.android1⤵
Network
-
DNSandroid.apis.google.comRemote address:1.1.1.1:53Requestandroid.apis.google.comIN AResponseandroid.apis.google.comIN CNAMEclients.l.google.comclients.l.google.comIN A216.58.213.14
-
216.58.204.78:443tls, https -
216.58.213.14:443android.apis.google.comtls
-
224.0.0.251:5353 -
1.1.1.1:53android.apis.google.comdns
DNS Request
android.apis.google.com
DNS Response
216.58.213.14
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
21KB
MD5c6e14c708321730ddef3e257bf7eaa4a
SHA18e5917a961d9dabbfc74c5e5c688a55080e04c90
SHA256bc73715cb50b9b2a867fba5d1b1253855925b70a1dd3be529a88dc65f150c84a
SHA51241ce754c5e880598371698f0e3ddd627431b7b444308d109beae15f71591a64a138a19503a1bba6aa2c9b9730e32922ad245ad1246b22b1c0d136f3982ac0878