pegasus | ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5

Analysis

max time kernel
126s
max time network
145s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
19/09/2024, 15:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5.apk
Size

257KB
MD5

7c3ad8fec33465fed6563bbfabb5b13d
SHA1

e5920f3723e62e1850157f09baf556006bf80f74
SHA256

ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5
SHA512

75da7c118879d9430fb13c5a51d76e1278f0c1474d5cc25c4b9684b7d8c0f93b2e44584eee0f8b0d12016bc1efad367b45ff9ca5609853ae345b6d802ff63d10
SSDEEP

6144:OiJF1SCwcTjQGPihLcfUmu9XuS0nbkDIyTkRJ0P1d41RiFV1iFuU:OqF1VHzqLcfIJ4bqIeP9d4jkKFuU

Score

10^/10

pegasus collection discovery infostealer persistence trojan

Malware Config

Signatures

Pegasus
Pegasus is a commercial Android spyware first seen in 2016.
infostealer trojan pegasus

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.network.android

Reads the content of the browser bookmarks. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://browser/bookmarks	com.network.android

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.network.android

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.network.android

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.network.android

com.network.android
1⤵
- Reads the contacts stored on the device.
- Reads the content of the browser bookmarks.
- Reads the content of the call log.
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4249

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Data from Local System

T1533

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.network.android/databases/NetworkManagerData.db

Filesize
16KB

MD5
b1b07690091ef56446cb1e2105e92d78

SHA1
a7c2ff91432530df5e42131b557029d481f5f44e

SHA256
2cbd6c123ba0396b016401cc9590cf6b7ce23538f57398e34615cdd614bda3cb

SHA512
89f4f33b7cd99eb06c1ee71baba6724ac1297f006789070f4bb1441f0de113ad7685995884f47356f8bcfeb559c4e7d57d2dc2fc4321bda21208a87b1ba0bacb

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
512B

MD5
15785b7245f977dbd2e5680613567ad4

SHA1
695bc9d1f16bf941ea2fdbd8cff480d8671712d7

SHA256
6a6dacd5263752b742d3230214fc15de9c2b0e5c6002ac25df5d40668a29b5a2

SHA512
6188c8258400dc7b9e573e64b8621b14a86dc51069e5bd41d5d786e87c8b6f7784a764ee05afa11a3629d4cd6a5952398a0495e604c7bf9f7cd631317d4dfef8

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-wal

Filesize
28KB

MD5
0915dafd8078ff3fca8ee84bd861d029

SHA1
c3dcadcb411c78c1956cb12f196f882da7e150e3

SHA256
b2c3cb027168aeb81cdce9f12f174e99a37cadb6c039251bddfea80f4b636009

SHA512
ca8ad610e118fd498bb30fddeef42b5fdb2728198764deab5c82a9dda462e775b9922712f5120d23c2aa975874e42c5c12903f3a72ed62562ec0b8822368c706

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
565d501c8969e59f20694c69114d4cce

SHA1
d03e7b6d0140978bfb2be2805ba4c95e273b6fca

SHA256
3f760ddf3acf65f6322c2b48054d2b37df729d1403b08c319950668f039b45f5

SHA512
5522862f8649cae9a6d84e4f652933757d35248ee09981212b467dbab840ca7ea24a963c5617031f5ff306562a0cf26a0fe629d859f5984e4648c84557b1b10d

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
6129bee15d1c96a3c45ca1f72a3caf43

SHA1
ed94673db45e66965aba15f0bd5efa9c0ac850a6

SHA256
bda1f6af0196ef602f6de24773e2f5447eb3f8fd2cdba54b400d6b5afe31e6d8

SHA512
00c89b93a26dca0b8f6468d4c096aa6fd5cd2b75a3476b396441c14402035f61f04d1a749a541b368426947b930c4c17500fc18849f12d103fee33a0f58239da

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
28f30b493f434c86b5b15e3b15c7d32f

SHA1
78b44794c941150630c86bf0fa065ac5884e56cf

SHA256
49b127fbf4a4330e8cedcb8baea3020eae2a4b94b7cf7cb4a8b670f357cc89f2

SHA512
c42093d0f545c15ec1cb90a27ffb7fce255933efca03e985bdc02c9f5b2b80eb200fd56b1e9e06110ff7d097af419e8ab2804197ec3bc751323e834de7548281

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
356b877400a436a1eeff47c1795e90b8

SHA1
722e1997befb1d34b5c3c09a2ee6c8f56c1c661f

SHA256
389ec9b6da7bd908bb4535e6e07493a85189b8f5a31df39a9e4ede3061016fac

SHA512
004033fb8b1df2d9efa75071e22214151a45573f8c2e4d24db470ea4d17841ca90b5b7ea615be94731b592c9a4d66a813b023411b5601b5f4c1d7e9fea4446ca

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads