pegasus | ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5

Analysis

max time kernel
108s
max time network
157s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
17/12/2024, 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ADE8BEF0AC29FA363FC9AFD958AF0074478AEF650ADEB0318517B48BD996D5D5.apk
Size

257KB
MD5

7c3ad8fec33465fed6563bbfabb5b13d
SHA1

e5920f3723e62e1850157f09baf556006bf80f74
SHA256

ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5
SHA512

75da7c118879d9430fb13c5a51d76e1278f0c1474d5cc25c4b9684b7d8c0f93b2e44584eee0f8b0d12016bc1efad367b45ff9ca5609853ae345b6d802ff63d10
SSDEEP

6144:OiJF1SCwcTjQGPihLcfUmu9XuS0nbkDIyTkRJ0P1d41RiFV1iFuU:OqF1VHzqLcfIJ4bqIeP9d4jkKFuU

Score

10^/10

pegasus collection discovery infostealer trojan

Malware Config

Signatures

Pegasus
Pegasus is a commercial Android spyware first seen in 2016.
infostealer trojan pegasus
Pegasus family
pegasus

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.network.android

Reads the content of the browser bookmarks. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://browser/bookmarks	com.network.android

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.network.android

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.network.android

com.network.android
1⤵
- Reads the contacts stored on the device.
- Reads the content of the browser bookmarks.
- Reads the content of the call log.
- Queries information about active data network
PID:4788

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Data from Local System

T1533

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
5cf9c9ac5e57741dbd72a851edab1f7e

SHA1
34193f77a973eef0b68974300774ffbcac171414

SHA256
613040c2648ea24425795fefcc8e3ad52aae4578b166dc8b4d17a3db500e3dcc

SHA512
215e0685e6a7991c408cf8b5ebb737ac78cf7d7c3712c5076f50bd1ee1059e63452b9cef03d04808ec314c3c01cb4d620c848fd34c81fe80ab8525adbb757434

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
0937b0b26841842e28350c47aeedcdd9

SHA1
88fa486e874e45ff72a6bee07f64f67925d75888

SHA256
63b3a7fc249bc9b42d0feb37be36abaa3ae340b0c60626ab0c8870dfaf44b6d6

SHA512
cf5d69819318e9fb65d553bd8420f4fe2df589a02724a7105ed97b434062862d9f22dd30cb1215879eff412f84d7bdb4981edbedb150b9342aa829789f600d39

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
6c7e573a089552d9e332de6eb538028c

SHA1
398fea91ec2d7f6cb87539db8e882f64c978d3b6

SHA256
94654fd6535cc45cbc1dd6f997713dfad748fd78be3fec74c05cc231e29392cb

SHA512
fa7d0451986077c6dd155c66fa28fa61033aaf6e0f6a87de78c0b453f537ca0d129dce62eb1b380b3209901065426dd6e02c82a161aebec9c66be3a03fa27fae

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
8e4127cb44215fc945bf025e2271b06b

SHA1
e2af2dda41c72e77fd6f4bc69bb8434188bd7fae

SHA256
960d6e764daea52589e2f5e5b022f19c5a9a72cecc85d0f21c071f867b3ddf1c

SHA512
c45f392fdd7ea8b295147ff16ee19374c68e909fec4ef55d5fdd7cbc88e5ef9af534e0edc847d2ab2d36c4a2a43b339db12cc3f8c2b1f2595e92f2c0e5f7dc1a

Download Submit
/data/user/0/com.network.android/databases/NetworkManagerData.db

Filesize
16KB

MD5
f64a816e653835b07054fb6ff9c91524

SHA1
8a78b568a09bfa940d8d4c1d889c92dd962047ac

SHA256
f942e329bb4d8e844e2ee2cee3fa71212fbf26c1016a5dec8eaf529716d0479a

SHA512
32195c3faf677215d7e9a9c1809585c93b981edea59c111d41110df1a10913edce7b11d2ca12c83b01cc0fd57ce4667ad9f101fbff4273de4a020919e718dd10

Download Submit
/data/user/0/com.network.android/databases/NetworkManagerData.db-journal

Filesize
8KB

MD5
70d7ae1ea055ea93c2032b5289650237

SHA1
6fe047367a0d4dd1d05c21770bdd8213ad89b006

SHA256
e1ebec136f8f38f51e651a2b61904e0fc10898ae67a5065ae3a691149e531964

SHA512
13cbbc140dc490cdac6fc21668926ed7d71e28418d48f173647c4c1dd7f8f65ec42bc2c31cd0a55689ecf05885679e4a33159f88babc64dee68fe51aef62fb55

Download Submit
/data/user/0/com.network.android/databases/NetworkManagerData.db-journal

Filesize
8KB

MD5
7850ad27ed1cf1823c4d43bdd12027a2

SHA1
154187b102964f18616aeafe766136cb95226deb

SHA256
f4aaf9744df53850caceb18abd07afcb29b43476919ce530e6ef385654de207c

SHA512
06b26e895a43233a1c6bd5cf482f699261f580ff7fd4d7eb5ffb6828e81aa111f02b24743728b555384e4b735abb5ff6a9838310ceea40014081bebe2a1ed472

Download Submit
/data/user/0/com.network.android/databases/NetworkManagerData.db-journal

Filesize
512B

MD5
0b6bb09cb8cceaec6bc4209f2a6ee649

SHA1
93e6f0c2be322a10ea3c1e97a5c7d84d3b3e89d0

SHA256
bdeeb595e32e9114b927fd4491a5e49cca5037894eca70f2845104576c4c5784

SHA512
a3cf2a48b238e285bfd52f27b01518fc9b694b6efce86d911eaa908fda59d802b6485cbb81085279b7a064296f0254b73f63e734f43635e6ac2a13e9023e1f9f

Download Submit
/data/user/0/com.network.android/pex.dat

Filesize
12KB

MD5
138d764910cb46a05b83d5af830dcfd4

SHA1
583dafb10cbfa0941821d9fe721b4a28498ae656

SHA256
0aa2c4123b0ccd2e11f3ea6bf425488da6b7db400745fb43e8563aa1d5f95731

SHA512
874b0c9745cb1446ae6e826e7888b08e1e7127b790bf3842093d16499175922a6305c7244c9b42a854cd7685bbe18d879cb057d59ed45bd30fd9dc11748e3584

Download Submit
/data/user/0/com.network.android/srcsu.dat

Filesize
8KB

MD5
f091e95aa696a326b4b948869fd3df78

SHA1
3e2b4a81bac630973a990ed1e9e0a973158a818a

SHA256
5f1c4d94b3c91704c3955b8954ce543eecb292da4a58b7c61e7592adcffa0f33

SHA512
0b5ed603ca79db5a98e2b4e24d98eecedc7bcdc660efb37241f9c3e40a68e9fab5caac53a1a4e3fb6cfd99ac40c0ab8acf63d4e5ff96c7ab03aebec4f87b35f0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads