Analysis

  • max time kernel
    175s
  • max time network
    1776s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    18-12-2024 11:48

General

  • Target

    ADE8BEF0AC29FA363FC9AFD958AF0074478AEF650ADEB0318517B48BD996D5D5.apk

  • Size

    257KB

  • MD5

    7c3ad8fec33465fed6563bbfabb5b13d

  • SHA1

    e5920f3723e62e1850157f09baf556006bf80f74

  • SHA256

    ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5

  • SHA512

    75da7c118879d9430fb13c5a51d76e1278f0c1474d5cc25c4b9684b7d8c0f93b2e44584eee0f8b0d12016bc1efad367b45ff9ca5609853ae345b6d802ff63d10

  • SSDEEP

    6144:OiJF1SCwcTjQGPihLcfUmu9XuS0nbkDIyTkRJ0P1d41RiFV1iFuU:OqF1VHzqLcfIJ4bqIeP9d4jkKFuU

Malware Config

Signatures

  • Pegasus

    Pegasus is a commercial Android spyware first seen in 2016.

  • Pegasus family
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
  • Reads the content of the browser bookmarks. 1 TTPs 1 IoCs
  • Reads the content of the call log. 1 TTPs 1 IoCs
  • Queries information about active data network 1 TTPs 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

Processes

  • com.network.android
    • Reads the contacts stored on the device.
    • Reads the content of the browser bookmarks.
    • Reads the content of the call log.
    • Queries information about active data network
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4339

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.network.android/databases/NetworkManagerData.db

    Filesize

    16KB


  • /data/data/com.network.android/databases/NetworkManagerData.db-journal

    Filesize

    512B


  • /data/data/com.network.android/databases/NetworkManagerData.db-shm

    Filesize

    32KB


  • /data/data/com.network.android/databases/NetworkManagerData.db-wal

    Filesize

    28KB


  • /data/data/com.network.android/logs/0vlt.dat

    Filesize

    12B


  • /data/data/com.network.android/logs/0vlt.dat

    Filesize

    12B


  • /data/data/com.network.android/logs/0vlt.dat

    Filesize

    12B
