pegasus | ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5

Analysis

max time kernel
12s
max time network
23s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
14-12-2024 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample5.apk
Size

257KB
MD5

7c3ad8fec33465fed6563bbfabb5b13d
SHA1

e5920f3723e62e1850157f09baf556006bf80f74
SHA256

ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5
SHA512

75da7c118879d9430fb13c5a51d76e1278f0c1474d5cc25c4b9684b7d8c0f93b2e44584eee0f8b0d12016bc1efad367b45ff9ca5609853ae345b6d802ff63d10
SSDEEP

6144:OiJF1SCwcTjQGPihLcfUmu9XuS0nbkDIyTkRJ0P1d41RiFV1iFuU:OqF1VHzqLcfIJ4bqIeP9d4jkKFuU

Score

10^/10

pegasus collection discovery infostealer persistence trojan

Malware Config

Signatures

Pegasus
Pegasus is a commercial Android spyware first seen in 2016.
infostealer trojan pegasus
Pegasus family
pegasus

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.network.android

Reads the content of the browser bookmarks. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://browser/bookmarks	com.network.android

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.network.android

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.network.android

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.network.android

com.network.android
1⤵
- Reads the contacts stored on the device.
- Reads the content of the browser bookmarks.
- Reads the content of the call log.
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4958

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Data from Local System

T1533

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.network.android/databases/NetworkManagerData.db

Filesize
16KB

MD5
2839279a9a853a40909c1dca03d2337f

SHA1
03baa059604d878e22917202fd90fb5f7de635ce

SHA256
97c1943ed1e984e7af5d8c490197075b8e43af11568663abee7c61f4e2caf0d8

SHA512
bc63d7854eee474c97373a207031f7358bcb8330dcbab015cf2515e21728c0d0737fd3e452e3d4c4be2c52ff00a86a472592c540e374d3293141c425b276de56

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
8KB

MD5
47a0625c14dc10e34d98a400a3c6a23d

SHA1
26c8e311881891a383f63be45c7388918d16e358

SHA256
5d02f4a697d2f06999f275885e6d99eb5f0f316b24fadb7c0dbb4fc1d2c588d1

SHA512
b85daad99bc428c9ec919d8571525ead6cb6f42b60c5aaceb9fad22cb8109f796a68eb17dba29b8d4188be3c8879ff12687291239de063309fc99a2aed1bb888

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
8KB

MD5
60e5e7a1000910c83ebbfbe3ed359761

SHA1
490a601ddb548c2fdc10768916faeeb14c826d5c

SHA256
bd5da118eb03e46fe7056b054f481822ead69597542bde95428de21fd77521a2

SHA512
296cc04770360613cd0ff3f4fea1c800834b179ff2f8e12236e5d00589e562b6ea0bb1320f72548cb2d94ec64d0ab6534003b5ec342c0a082449d536d53f1a53

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
512B

MD5
842e1883dd96f45c1bf4c24ae0ba9d55

SHA1
bf16b459112beedba3bd06f7167d73188e93aa11

SHA256
949b3eb36a5031d782096cdab6a5fab3581586da960382b290845bfacc5e670e

SHA512
0bce176d7540b92dd4ed796043c0ed07e411852df9010b25c87318f7578d43d4a46926e56de7959c7eb5427577484f5af5540f90aa0d635dbf55ba9cebd13055

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
696e5a00f4f7b3777774a4721f472135

SHA1
e762bac361916307ea1a31b58eab2d8b716b0d61

SHA256
3fa9a77e64feffb58e21ead43cbb363583f49eb589d8cd432c5d9f0902a26af9

SHA512
1abea733d11b657fab85d04e5e681fd44b0a8a4d3d13e818ca57b952431aaa3f28862aaba243400f6ecbb4cc17ece1b33461d125733aae318b14c32f5127bb79

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
d0e55d2a8b279b457ffbca111ed8f203

SHA1
4a8e8bea348cdc69b73c554639bc3be4423b2761

SHA256
632d3835a10d98313b545ed4578e5a2a1f2afcd82b6b6d90c125b7ee575a7cef

SHA512
6f490a482826cb2ee209181242efe2b87a3a38fefff761e81dcc75ea49f132114eeaf8f799affbb483bf1d898baaa4521ace9aff7bf13a1371a1d4623c03b713

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
312efc87a601b198b815e0d09486c7ad

SHA1
434f399a9cc011e41d5cd98157679c03cb197060

SHA256
3eec0309c7eb43244d1d2525a59aca03f08d5918d906f920915f90494eab6b13

SHA512
691443a42eacf542cbfc3f18435c3a176a0e8483a45d168474ac30a2f81f22c6f5f3d8a914189b251bc17928cff96ce8be04cac611dba9d5681a971bb3635f8c

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
523492be36c3831d177a2fb9ac491904

SHA1
e0190f223ba374e300e230813d269bed62ffef3d

SHA256
0c57f0f9ae5964f87c95a517db7a3bdf80cf6625a77287721f5b53d8d8ea2c1b

SHA512
dee422d1f7bffa701ea1ab771a5679cd0426ba1b956bda837532b343e07f7448ad5cd95eaddaee024a7a3f03d1ca7fa4cbf88820760b9e49c5119016c3600525

Download Submit
/data/data/com.network.android/pex.dat

Filesize
12KB

MD5
138d764910cb46a05b83d5af830dcfd4

SHA1
583dafb10cbfa0941821d9fe721b4a28498ae656

SHA256
0aa2c4123b0ccd2e11f3ea6bf425488da6b7db400745fb43e8563aa1d5f95731

SHA512
874b0c9745cb1446ae6e826e7888b08e1e7127b790bf3842093d16499175922a6305c7244c9b42a854cd7685bbe18d879cb057d59ed45bd30fd9dc11748e3584

Download Submit
/data/data/com.network.android/srcsu.dat

Filesize
8KB

MD5
f091e95aa696a326b4b948869fd3df78

SHA1
3e2b4a81bac630973a990ed1e9e0a973158a818a

SHA256
5f1c4d94b3c91704c3955b8954ce543eecb292da4a58b7c61e7592adcffa0f33

SHA512
0b5ed603ca79db5a98e2b4e24d98eecedc7bcdc660efb37241f9c3e40a68e9fab5caac53a1a4e3fb6cfd99ac40c0ab8acf63d4e5ff96c7ab03aebec4f87b35f0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads