pegasus | ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5

Analysis

max time kernel
114s
max time network
155s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
17/12/2024, 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ADE8BEF0AC29FA363FC9AFD958AF0074478AEF650ADEB0318517B48BD996D5D5.apk
Size

257KB
MD5

7c3ad8fec33465fed6563bbfabb5b13d
SHA1

e5920f3723e62e1850157f09baf556006bf80f74
SHA256

ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5
SHA512

75da7c118879d9430fb13c5a51d76e1278f0c1474d5cc25c4b9684b7d8c0f93b2e44584eee0f8b0d12016bc1efad367b45ff9ca5609853ae345b6d802ff63d10
SSDEEP

6144:OiJF1SCwcTjQGPihLcfUmu9XuS0nbkDIyTkRJ0P1d41RiFV1iFuU:OqF1VHzqLcfIJ4bqIeP9d4jkKFuU

Score

10^/10

pegasus collection discovery infostealer persistence trojan

Malware Config

Signatures

Pegasus
Pegasus is a commercial Android spyware first seen in 2016.
infostealer trojan pegasus
Pegasus family
pegasus

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.network.android

Reads the content of the browser bookmarks. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://browser/bookmarks	com.network.android

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.network.android

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.network.android

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.network.android

com.network.android
1⤵
- Reads the contacts stored on the device.
- Reads the content of the browser bookmarks.
- Reads the content of the call log.
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4937

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Data from Local System

T1533

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.network.android/databases/NetworkManagerData.db

Filesize
16KB

MD5
2839279a9a853a40909c1dca03d2337f

SHA1
03baa059604d878e22917202fd90fb5f7de635ce

SHA256
97c1943ed1e984e7af5d8c490197075b8e43af11568663abee7c61f4e2caf0d8

SHA512
bc63d7854eee474c97373a207031f7358bcb8330dcbab015cf2515e21728c0d0737fd3e452e3d4c4be2c52ff00a86a472592c540e374d3293141c425b276de56

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
8KB

MD5
3fc7f85bd8b7ff73ac5d51f05fd58ea1

SHA1
fb03bf2b746fa8253ff50236728393ba6bdf2bab

SHA256
1a3aa15a2e893cdb1541873459842a08154c6c25c0d1ae51443bc2350d740ece

SHA512
6e1d19320338eadeb1b5fba9ac3ae7caa0bc30687adda73be3aff882b88485a28eed2eed00d17a8b84b195f4fc09f5b52196813834201db3e57da2bd884f6590

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
8KB

MD5
c70519f4715aab6501eb29faa765420c

SHA1
568be8780e3e6c01630937d80105fb1db9087f86

SHA256
eed28dbbb2d799075423276cfd90ff3bd49d9a95f3a0758eace3558580e4ff45

SHA512
95df7efe8fe53d5c316dfa3414abf03607d9c043ec0b31688b4835216af62136dc9453334627c7fa0d870a8c96bb3af5823e9f37f7e5118f61a0b243e2e5cb56

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
512B

MD5
c15f88e0f4adafd2fbdc1772da11d19c

SHA1
d4ee5774a3a4d1d406d99ac31996222f70ca7d2c

SHA256
c3838b7d81ce2777f32c060a1b125a0ae48d850a435b5adbe9319e76636459bf

SHA512
41843ece9712b6fdb3c473c62977dba13af2dbeb851b546022406d879547732566ab672da7894d48d78d5e345c0d92fbd70854fc4a83e59ce6aade6d8573c3bd

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
aa7ff80b5289a40558fa62bd09055cb3

SHA1
2ebe57bed28463f3227ad1e5b31171984c07c068

SHA256
a8c7de1b66c20bd16f58fd17f2d750b8c75d24f79c80cfc18e3a103641a0e555

SHA512
2525af8dbb620cae03b1e3ebd6140791ceb9a8cc184f0e20a55ca2514859da0a2f1badb06122572afa89b78a548b4644abbe6d6b6550209e48b7b3f76a483bed

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
00eec7b91792033f3ec8836d7ad2b6a0

SHA1
8c9a53f8aa7a366ddff84827f4f50b1db46d33b5

SHA256
7bce92c98bf3bd4fefe070494bc3d47fd4521673fe4d14bff6f3ef5d519c17ae

SHA512
5f272104518a5c2a904b3335d8b738b0af97a19a3d915ebd091a604f2d70af94d0b13aadc34c4668d2891502ab4e3bb7fc9c43a426a13e9361718bdffab1de61

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
89ac99637f2aaee511a2bca2d2b4bd1f

SHA1
60353f579fcd7e348124ed757574846e863b024a

SHA256
c0b971af775834d2eb6fe70a43aea7f9c070ba0fa3988750fcbf85270cfe6657

SHA512
3a523031f9b57e2183de3c540b1203f0af4e78f1c1de6c786a6e330233c03849804987dcc93b16cae016c637ea988571b9c38bb7ebaf91805b838efa1b882aa2

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
c34b856958aabc5e519c0cd8ad7c8e6a

SHA1
b8e4bb3264d6f3f81d6d6c2181d425cbeb6e2fe5

SHA256
d29589154b409dd69f6b623fb2c02a2547f15867767e7651de41e2ceef7d3006

SHA512
d1bb49942d692a46ee4871860ddf786014c0823f408be22abb26d63f0ab0776c0dacadce6603eebc9fcfd092277da006983fdf8929b781d986da41b884df3388

Download Submit
/data/data/com.network.android/pex.dat

Filesize
12KB

MD5
138d764910cb46a05b83d5af830dcfd4

SHA1
583dafb10cbfa0941821d9fe721b4a28498ae656

SHA256
0aa2c4123b0ccd2e11f3ea6bf425488da6b7db400745fb43e8563aa1d5f95731

SHA512
874b0c9745cb1446ae6e826e7888b08e1e7127b790bf3842093d16499175922a6305c7244c9b42a854cd7685bbe18d879cb057d59ed45bd30fd9dc11748e3584

Download Submit
/data/data/com.network.android/srcsu.dat

Filesize
8KB

MD5
f091e95aa696a326b4b948869fd3df78

SHA1
3e2b4a81bac630973a990ed1e9e0a973158a818a

SHA256
5f1c4d94b3c91704c3955b8954ce543eecb292da4a58b7c61e7592adcffa0f33

SHA512
0b5ed603ca79db5a98e2b4e24d98eecedc7bcdc660efb37241f9c3e40a68e9fab5caac53a1a4e3fb6cfd99ac40c0ab8acf63d4e5ff96c7ab03aebec4f87b35f0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads