pegasus | ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5

Analysis

max time kernel
126s
max time network
147s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
19/09/2024, 15:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5.apk
Size

257KB
MD5

7c3ad8fec33465fed6563bbfabb5b13d
SHA1

e5920f3723e62e1850157f09baf556006bf80f74
SHA256

ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5
SHA512

75da7c118879d9430fb13c5a51d76e1278f0c1474d5cc25c4b9684b7d8c0f93b2e44584eee0f8b0d12016bc1efad367b45ff9ca5609853ae345b6d802ff63d10
SSDEEP

6144:OiJF1SCwcTjQGPihLcfUmu9XuS0nbkDIyTkRJ0P1d41RiFV1iFuU:OqF1VHzqLcfIJ4bqIeP9d4jkKFuU

Score

10^/10

pegasus collection discovery infostealer persistence trojan

Malware Config

Signatures

Pegasus
Pegasus is a commercial Android spyware first seen in 2016.
infostealer trojan pegasus

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.network.android

Reads the content of the browser bookmarks. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://browser/bookmarks	com.network.android

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.network.android

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.network.android

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.network.android

com.network.android
1⤵
- Reads the contacts stored on the device.
- Reads the content of the browser bookmarks.
- Reads the content of the call log.
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4975

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Data from Local System

T1533

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.network.android/databases/NetworkManagerData.db

Filesize
16KB

MD5
2839279a9a853a40909c1dca03d2337f

SHA1
03baa059604d878e22917202fd90fb5f7de635ce

SHA256
97c1943ed1e984e7af5d8c490197075b8e43af11568663abee7c61f4e2caf0d8

SHA512
bc63d7854eee474c97373a207031f7358bcb8330dcbab015cf2515e21728c0d0737fd3e452e3d4c4be2c52ff00a86a472592c540e374d3293141c425b276de56

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
8KB

MD5
351b3d12e1112f5175b6998e587f3863

SHA1
482887339bbf9f77193924ca71eddf2aaa675ed7

SHA256
652c7439dc1cd23b6077b8332c4c5f1fa3d1a8378c3ae8846e5e3b4240a8022f

SHA512
1e6af82f0fda4a7f2583e149b99295508b5921a88585ef83b6ab256213cfa49ee74ca066d9d7a3ba9512d141fd9164a7ae43d9f9ee5456756dd3dfb3ef57fac8

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
8KB

MD5
08e3c673e7c8041faef4e376a9815aca

SHA1
a1d7d050b7312a895d3452f59681ea6d8932628d

SHA256
5db9893b52dee141e8640fc202e8e5f69ca5d7ebfd568342895bd50a8da00ba9

SHA512
4c5b77ae39a4ff14e83a920ffb716401b8b1e96d09ce4c552bf5a12cbc48d475d624793a5f7154896ccc360a78ab644e87b66fe293b1896ccde036cc7fedcb44

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
512B

MD5
9a210339988590a8a3a9d159876b2c30

SHA1
b524924218a5663a20b8d0e6fbb0ed751fcb2f76

SHA256
dd5855bbd7b85a60e745327f1c7d03a3b352f2e7eb4868c4857298a66954f3e1

SHA512
3fe92ddbfac4a064c74cd9a788d3f50cf6b785d9b35540a0cd402f35224919630443d4936ab3a8e9346cd15ebe6a71caabf5b29b8fc0f0866df21664e397bfc8

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
c08a995fdb6f6fb2cf9c43332fc29f53

SHA1
e4bc36e2e36cfe87af34edd2953eee8629752dde

SHA256
4d877d61e145b4e718319441ad212f84ff189017bdfdd3acf4bd8462b4532b00

SHA512
4406858abcc9126637738feed434c01263527eb6fff92e4fd21269f2f3a5e87d8e6d3ec36096a5ed8a864ae4018eb1f702fe1a23665f5ce7b04c12f080cc1252

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
e0bf07138570017fddaeccb69009dc31

SHA1
1d3ba2e5aea9b9806ccde87f9899f7dccd9de02a

SHA256
b8de92f8bddec064407a5a0a59341b366922f1a1ffaad7d18933c9b965518482

SHA512
a7a68e0977255efba1a10b39e4fbd7ee69fc7b9c7f917f932ca139ca12c6aec80d434dc9b60c7d5f728b3b1e616b0e6c5ae8b75203c2b067e808583d0af81e89

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
565d501c8969e59f20694c69114d4cce

SHA1
d03e7b6d0140978bfb2be2805ba4c95e273b6fca

SHA256
3f760ddf3acf65f6322c2b48054d2b37df729d1403b08c319950668f039b45f5

SHA512
5522862f8649cae9a6d84e4f652933757d35248ee09981212b467dbab840ca7ea24a963c5617031f5ff306562a0cf26a0fe629d859f5984e4648c84557b1b10d

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
5bd4a8edcec075228daa5268a751fb26

SHA1
6ac0b41e4f6b529cda9859555ebd94555e5874de

SHA256
24397d4245e894d67fd5a0d30f7c63f27244d9650ee00da4ab97f164352a0dc0

SHA512
a88536fc4cb658367be18b6d8714308336aa490981080dbf27d71f21951bb19fc91c8530925550b96f04555dd2d47e214727d2726ac021ac9ddaed40566dbfd6

Download Submit
/data/data/com.network.android/pex.dat

Filesize
12KB

MD5
138d764910cb46a05b83d5af830dcfd4

SHA1
583dafb10cbfa0941821d9fe721b4a28498ae656

SHA256
0aa2c4123b0ccd2e11f3ea6bf425488da6b7db400745fb43e8563aa1d5f95731

SHA512
874b0c9745cb1446ae6e826e7888b08e1e7127b790bf3842093d16499175922a6305c7244c9b42a854cd7685bbe18d879cb057d59ed45bd30fd9dc11748e3584

Download Submit
/data/data/com.network.android/srcsu.dat

Filesize
8KB

MD5
f091e95aa696a326b4b948869fd3df78

SHA1
3e2b4a81bac630973a990ed1e9e0a973158a818a

SHA256
5f1c4d94b3c91704c3955b8954ce543eecb292da4a58b7c61e7592adcffa0f33

SHA512
0b5ed603ca79db5a98e2b4e24d98eecedc7bcdc660efb37241f9c3e40a68e9fab5caac53a1a4e3fb6cfd99ac40c0ab8acf63d4e5ff96c7ab03aebec4f87b35f0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads