pegasus | ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5

Analysis

max time kernel
143s
max time network
150s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
17/12/2024, 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ADE8BEF0AC29FA363FC9AFD958AF0074478AEF650ADEB0318517B48BD996D5D5.apk
Size

257KB
MD5

7c3ad8fec33465fed6563bbfabb5b13d
SHA1

e5920f3723e62e1850157f09baf556006bf80f74
SHA256

ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5
SHA512

75da7c118879d9430fb13c5a51d76e1278f0c1474d5cc25c4b9684b7d8c0f93b2e44584eee0f8b0d12016bc1efad367b45ff9ca5609853ae345b6d802ff63d10
SSDEEP

6144:OiJF1SCwcTjQGPihLcfUmu9XuS0nbkDIyTkRJ0P1d41RiFV1iFuU:OqF1VHzqLcfIJ4bqIeP9d4jkKFuU

Score

10^/10

pegasus collection discovery infostealer persistence trojan

Malware Config

Signatures

Pegasus
Pegasus is a commercial Android spyware first seen in 2016.
infostealer trojan pegasus
Pegasus family
pegasus

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.network.android

Reads the content of the browser bookmarks. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://browser/bookmarks	com.network.android

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.network.android

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.network.android

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.network.android

com.network.android
1⤵
- Reads the contacts stored on the device.
- Reads the content of the browser bookmarks.
- Reads the content of the call log.
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5070

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Data from Local System

T1533

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.network.android/databases/NetworkManagerData.db

Filesize
16KB

MD5
2839279a9a853a40909c1dca03d2337f

SHA1
03baa059604d878e22917202fd90fb5f7de635ce

SHA256
97c1943ed1e984e7af5d8c490197075b8e43af11568663abee7c61f4e2caf0d8

SHA512
bc63d7854eee474c97373a207031f7358bcb8330dcbab015cf2515e21728c0d0737fd3e452e3d4c4be2c52ff00a86a472592c540e374d3293141c425b276de56

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
8KB

MD5
25b78229e34ea9f0c99a0216a147dba2

SHA1
59a16fecf837a6b5fe555472b0a4446451e13c9d

SHA256
fabd0df0c9dd7c57360e0c1d4a432ebab1d7bcd8f5ab48b6b64d0e5f90a824ad

SHA512
e0fd05ad676e996f9ee0ed11d2bc9479807b6070887b11848219c1f682ab966c08c6d65f11c3cd21d4275429804afa718d8e7b8b55c672d569f76e824f4cd0f5

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
8KB

MD5
3169c48908d19721e92daddf06f4a8cd

SHA1
fef45055ee18184fa4f8faf2d4a52d7516d4a8e3

SHA256
52fadd73104ec1a80051d11f5aaf684cb723d21a28e926c8abe69408aa68036f

SHA512
26eb1d14591513c8d2b97012e0a3f440225e417d9aaca89ff25f848f1d38312fac5a1215adda674334f935dcea30cbb4d4f3b72a4e48aca7bd4bdd09fca1990e

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
512B

MD5
1f674b51123a5ce0475b585b8c267949

SHA1
610a3a4b4200a781fa188dcf99436be168ea1af9

SHA256
1834fd6a4f4c3d8a4bcc7c56bbfd5f180929cc5b8b4d359d7d674e6f748e5289

SHA512
25f27741ea199495e870f3b0f06c90ced55a6cbbe7e82bf63b6858fcdae422640d8edcfe3f6cd900ed9066952a0d06185ad3327221a1efb2b6a9c3646315afae

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
75a8d31e694e01fa045127b60f6338b3

SHA1
d8a99abcd722fc0f7cb2d7c307c28079f2579bc5

SHA256
0fdf2d5ded0ecc1f82fc29c937b0a4273251a9333dc9726c746286075c1e3af7

SHA512
9786124c8410c6f8cd1d5b678e844925c9a3d79dd72cf0b789af31652f98d26e3b16d0933db0d207cc0259db4148bd330106a43b30ab7af1e7cc1c8b6ca90642

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
227e428c5ccc3aa1797fd9f142b900f9

SHA1
4d7c9d7e1fd0ce21c0ff676ae32b905168ddc6bf

SHA256
3b50a9b2f338d83bef59452af964afa3f091b559767a59dbc33977488ba0496b

SHA512
449bff34ece3219df9e32d32cab53080f35cf421eee7c5352f87ec9058fcac05d16b0d5608e94fdffe5ff40fd95eeabb3cb87340e481a88ef83aa6f371782685

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
63c2c03a9b3fd766a720e696e9db90ec

SHA1
7f2927ccb0e1840d65813d4d7e1ec62ff35b9fe8

SHA256
91f076dd64ad33746ef601e31fd8445d43892433809fc536fb49ced6b6d5e189

SHA512
ef2ac076a9fe1bce61c9824585a40c2f57b61b5b2eb89429345fe68c539f8741026d9b20ea768a92e15ff3ed06212d9f0d9eb5d821356d5c9f9dc9f590b6b0f5

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
0a43e89d1745fb17055261e85812ca09

SHA1
caf99594f16cf39d16c9c947da2fee74f97bca84

SHA256
44ec6694742271e499142e3092dd8b5d5155280cb0d27a39f968c0863d5f4812

SHA512
461df488950c172a1770e8b47c325d2ec1afdb53371dfc06790dc9397a7f7b5fa4318d795fbc43f434ea85b2f10d50de68e829ea71280745830555524e7fa91c

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
356d90d4da1d8d6be8f642f02d265df0

SHA1
060f71b835cf060a5ddb1cc3c0e6d69f6dee24ae

SHA256
f09889d38fda8853883d88302d95768528981003442169c1f7e178a992710bdd

SHA512
3cf788520399845d790496a500d67dd76822da61bf68fd77f200bebe6ca51dcd340bc18eebaa6363acac89eaeb12d3dc9eb642c7873b3554ad035f5b1bd16f22

Download Submit
/data/data/com.network.android/pex.dat

Filesize
12KB

MD5
138d764910cb46a05b83d5af830dcfd4

SHA1
583dafb10cbfa0941821d9fe721b4a28498ae656

SHA256
0aa2c4123b0ccd2e11f3ea6bf425488da6b7db400745fb43e8563aa1d5f95731

SHA512
874b0c9745cb1446ae6e826e7888b08e1e7127b790bf3842093d16499175922a6305c7244c9b42a854cd7685bbe18d879cb057d59ed45bd30fd9dc11748e3584

Download Submit
/data/data/com.network.android/srcsu.dat

Filesize
8KB

MD5
f091e95aa696a326b4b948869fd3df78

SHA1
3e2b4a81bac630973a990ed1e9e0a973158a818a

SHA256
5f1c4d94b3c91704c3955b8954ce543eecb292da4a58b7c61e7592adcffa0f33

SHA512
0b5ed603ca79db5a98e2b4e24d98eecedc7bcdc660efb37241f9c3e40a68e9fab5caac53a1a4e3fb6cfd99ac40c0ab8acf63d4e5ff96c7ab03aebec4f87b35f0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads