pegasus | ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5

Analysis

max time kernel
90s
max time network
133s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
17/12/2024, 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ADE8BEF0AC29FA363FC9AFD958AF0074478AEF650ADEB0318517B48BD996D5D5.apk
Size

257KB
MD5

7c3ad8fec33465fed6563bbfabb5b13d
SHA1

e5920f3723e62e1850157f09baf556006bf80f74
SHA256

ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5
SHA512

75da7c118879d9430fb13c5a51d76e1278f0c1474d5cc25c4b9684b7d8c0f93b2e44584eee0f8b0d12016bc1efad367b45ff9ca5609853ae345b6d802ff63d10
SSDEEP

6144:OiJF1SCwcTjQGPihLcfUmu9XuS0nbkDIyTkRJ0P1d41RiFV1iFuU:OqF1VHzqLcfIJ4bqIeP9d4jkKFuU

Score

10^/10

pegasus collection discovery infostealer persistence trojan

Malware Config

Signatures

Pegasus
Pegasus is a commercial Android spyware first seen in 2016.
infostealer trojan pegasus
Pegasus family
pegasus

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.network.android

Reads the content of the browser bookmarks. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://browser/bookmarks	com.network.android

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.network.android

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.network.android

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.network.android

com.network.android
1⤵
- Reads the contacts stored on the device.
- Reads the content of the browser bookmarks.
- Reads the content of the call log.
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4235

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Data from Local System

T1533

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.network.android/databases/NetworkManagerData.db

Filesize
16KB

MD5
b1b07690091ef56446cb1e2105e92d78

SHA1
a7c2ff91432530df5e42131b557029d481f5f44e

SHA256
2cbd6c123ba0396b016401cc9590cf6b7ce23538f57398e34615cdd614bda3cb

SHA512
89f4f33b7cd99eb06c1ee71baba6724ac1297f006789070f4bb1441f0de113ad7685995884f47356f8bcfeb559c4e7d57d2dc2fc4321bda21208a87b1ba0bacb

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
512B

MD5
b5dbe9cc11ca25a0b80bbba2c00535dc

SHA1
a65e08ab1baf46fa39e5b779d4f74a71eb6db708

SHA256
2a2340031327aa81ed9b86218f76534dd8eac6fce0fceb17ca441f27dd5a2607

SHA512
f3ced73f4fb70450bd142b85e689a7db896eebb3ab7f08e0eca24a803990539591221a226a0653ef385752415d090c0d26d1a10318b2b11c19cc0ffee1784eab

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-wal

Filesize
28KB

MD5
58904537851f05e3264079cfe2f77794

SHA1
66b1fc35e1cd6bbeaf8f6ba92491ba0e988862df

SHA256
b5ddc15e1b603419ba6bb7050fa25a1c41dd36e6d39044eb90bbf6b8846917aa

SHA512
24492a50e7e89542e4f78db0fd3e53bf062047872fd2bd07c6c47adfc9d8c0e31fffd3c457687c0c1e5aab1a6c3255a025b9bff4f176c0a3d4882ec6d1d187de

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
66533c3cf81fc41d6dceae7f3c6f3df5

SHA1
b2c26a873e8b9224e7f9dfbe2457f22efaea8afd

SHA256
95e30e0fc3c19d1ed3884da9d226c8d081125264b8f8d698c130886f057ab767

SHA512
1206a2a997a8b3eff3a789115ec6f7360f6caf2fcb832be80d6f187e4aa3741db4436a8657c8abc1cd7456f8bf9302be036c62aee7ec4f78b678e179df0e6319

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
1e92412412daa20ad98ae46839ff4388

SHA1
a7260980c2fc9f6cd3ab52a58e24442862ae9dee

SHA256
d22db8249716c2160d66aede4aa501dba4fbfb17cbad7b54764e6426eab9e214

SHA512
868f7be397875ca5a50b0e64542e3c3d05ff451935c78e6da459f4738012432af9a42a904051522614e0547a604d5775d6e49002b018f7b11a7d01dc818725f5

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
258ea25947ddae14c3e674bf94f0d4a5

SHA1
1b4a25b97ec4f725712448f5e2d7e7594800770e

SHA256
cdd4de4468b15a208c4e872324a35013c53f549ab56e91ae6d92c462cd07b327

SHA512
9af6bc073745c447a9c09f8a3ba97c2685318920403b7570ac0d4d98cf81516799ed5e6aef4b7a4d115f04606d6258fd257236feb485d9f48de43804fbb66146

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
dfbe2c780b49114a8a8ce60b5559366b

SHA1
46a610bf773e628fe44746ff5286f1e0e1f432a6

SHA256
067fa981a23981fdb88df8389d347a6180970f93cc4507c102116f3d85bf3e9d

SHA512
dbd042939e30aa1fe12dbabae72db05f1ad7fb46cfe8aaa5eb2ca65cdc30496fabcf8765b434b291db4b0a6b62a8c7bc7cff3007f47a517fd22e137e651e0be6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads