pegasus | ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5

Analysis

max time kernel
12s
max time network
22s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
14/12/2024, 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample5.apk
Size

257KB
MD5

7c3ad8fec33465fed6563bbfabb5b13d
SHA1

e5920f3723e62e1850157f09baf556006bf80f74
SHA256

ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5
SHA512

75da7c118879d9430fb13c5a51d76e1278f0c1474d5cc25c4b9684b7d8c0f93b2e44584eee0f8b0d12016bc1efad367b45ff9ca5609853ae345b6d802ff63d10
SSDEEP

6144:OiJF1SCwcTjQGPihLcfUmu9XuS0nbkDIyTkRJ0P1d41RiFV1iFuU:OqF1VHzqLcfIJ4bqIeP9d4jkKFuU

Score

10^/10

pegasus collection discovery infostealer persistence trojan

Malware Config

Signatures

Pegasus
Pegasus is a commercial Android spyware first seen in 2016.
infostealer trojan pegasus
Pegasus family
pegasus

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.network.android

Reads the content of the browser bookmarks. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://browser/bookmarks	com.network.android

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.network.android

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.network.android

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.network.android

com.network.android
1⤵
- Reads the contacts stored on the device.
- Reads the content of the browser bookmarks.
- Reads the content of the call log.
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4251

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Data from Local System

T1533

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.network.android/databases/NetworkManagerData.db

Filesize
16KB

MD5
b1b07690091ef56446cb1e2105e92d78

SHA1
a7c2ff91432530df5e42131b557029d481f5f44e

SHA256
2cbd6c123ba0396b016401cc9590cf6b7ce23538f57398e34615cdd614bda3cb

SHA512
89f4f33b7cd99eb06c1ee71baba6724ac1297f006789070f4bb1441f0de113ad7685995884f47356f8bcfeb559c4e7d57d2dc2fc4321bda21208a87b1ba0bacb

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
512B

MD5
c59c5ca3c825bd9957356a974b4bdccd

SHA1
b789abb976f7947b7235c9d0e2f11c4bf21e3a36

SHA256
ef9238aa06e89462079409e55b142a437fb902806197f11a7824ab45c85594a1

SHA512
54084f961e879696c488e21d7e4547383c0f3b8442afab076435b1f6b743ff5f5cb3b98273e3b23b6e2fd3e414fdc7b1518903383e0ac4deefa99da11c3ec97b

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-wal

Filesize
28KB

MD5
895d2d50648872de5646922ec2c5be37

SHA1
7f4bb42623223c9d5da7a707bb443ecf4a8342d8

SHA256
fceb36a6a4e321f8bcdd9312eb96d5eee7fc1dca0d14c51954cf9351cab41235

SHA512
b09702522c378cb2f1367e3d6a9f88023595ad6d76ef6d77c11ca0760d45d5c0cbb09b0498c77a8dd20146339b52bd866ce3eb1c4ff927ca5cab2452db4e3e32

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
040ebb546066539d5bace40460ff6657

SHA1
5f57417f5037cc5c59983f75431b7444576a1fcf

SHA256
e8543e0aa4676eb625ce5b713085cf56958dbf7e262abbb907e334039edabaeb

SHA512
5c22e29deb7d299e3291364e7c7886645f6d7d3e49e8308d5df746b0d9094bfb993b90a4eea42ecbe004e1045fa172ea6793b0409222eeeeed3719fb5e961420

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
9cc3eb57144c50106927bb105a05ad68

SHA1
f23452d76fd43ac0a4897db89d97f62436274843

SHA256
5d92f1447dd0a4a68f5916a8bfe1e8e2d1e3de06d206dc18d51477c1383d5130

SHA512
0341ca534a9bf1f602e6d6c8b82704efc4427015c0027213fea615ad83774048c51b8b73f94c6da2b030d50199dc983d75e1175cf274a38c89afe3561c7eeae8

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
312efc87a601b198b815e0d09486c7ad

SHA1
434f399a9cc011e41d5cd98157679c03cb197060

SHA256
3eec0309c7eb43244d1d2525a59aca03f08d5918d906f920915f90494eab6b13

SHA512
691443a42eacf542cbfc3f18435c3a176a0e8483a45d168474ac30a2f81f22c6f5f3d8a914189b251bc17928cff96ce8be04cac611dba9d5681a971bb3635f8c

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
523492be36c3831d177a2fb9ac491904

SHA1
e0190f223ba374e300e230813d269bed62ffef3d

SHA256
0c57f0f9ae5964f87c95a517db7a3bdf80cf6625a77287721f5b53d8d8ea2c1b

SHA512
dee422d1f7bffa701ea1ab771a5679cd0426ba1b956bda837532b343e07f7448ad5cd95eaddaee024a7a3f03d1ca7fa4cbf88820760b9e49c5119016c3600525

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads