pegasus | ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5

Analysis

max time kernel
175s
max time network
1654s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
18-12-2024 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ADE8BEF0AC29FA363FC9AFD958AF0074478AEF650ADEB0318517B48BD996D5D5.apk
Size

257KB
MD5

7c3ad8fec33465fed6563bbfabb5b13d
SHA1

e5920f3723e62e1850157f09baf556006bf80f74
SHA256

ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5
SHA512

75da7c118879d9430fb13c5a51d76e1278f0c1474d5cc25c4b9684b7d8c0f93b2e44584eee0f8b0d12016bc1efad367b45ff9ca5609853ae345b6d802ff63d10
SSDEEP

6144:OiJF1SCwcTjQGPihLcfUmu9XuS0nbkDIyTkRJ0P1d41RiFV1iFuU:OqF1VHzqLcfIJ4bqIeP9d4jkKFuU

Score

10^/10

pegasus collection discovery infostealer persistence trojan

Malware Config

Signatures

Pegasus
Pegasus is a commercial Android spyware first seen in 2016.
infostealer trojan pegasus
Pegasus family
pegasus

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.network.android

Reads the content of the browser bookmarks. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://browser/bookmarks	com.network.android

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.network.android

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.network.android

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.network.android

com.network.android
1⤵
- Reads the contacts stored on the device.
- Reads the content of the browser bookmarks.
- Reads the content of the call log.
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5248

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Data from Local System

T1533

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.network.android/databases/NetworkManagerData.db

Filesize
16KB

MD5
2839279a9a853a40909c1dca03d2337f

SHA1
03baa059604d878e22917202fd90fb5f7de635ce

SHA256
97c1943ed1e984e7af5d8c490197075b8e43af11568663abee7c61f4e2caf0d8

SHA512
bc63d7854eee474c97373a207031f7358bcb8330dcbab015cf2515e21728c0d0737fd3e452e3d4c4be2c52ff00a86a472592c540e374d3293141c425b276de56

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
8KB

MD5
b3e8311a73f0d55f421b3c8624275d2a

SHA1
48cb62f1acf4d424c04c9f46822ea8f41e3ce78c

SHA256
758a7963a8b7fb4b7c2c503ebf35ceb84eb9fb3c5d2a194da882bfc6d5c9d2dd

SHA512
972d96d773c7b87b70505c3d896d464d724b1a726bd0df3071ed91eedd13a1e21d51d6063510a44e7bc3af9013ca2a748b5c375afcab3ff4df100b63e67683a2

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
8KB

MD5
f3cc916addb57cbbbb5a6e264e9ee017

SHA1
d45f23e041820b657336c5d6a4004e4ba0245857

SHA256
f583b90f505f3eff584b50522f63659f4fd79cbd578beb60a4b560b6a2c30323

SHA512
8916081ad1f13ca127d17a860156ae356137e270a0168ee388b5823ec9a1a50ab2619220d016a7fbd6d5cec78270e312cc420e29729d76af3ec0c5cef348a5db

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
512B

MD5
0b4d6fef501e43634d5353b54344cd8c

SHA1
1023c7ef21b37d0133b4bfca1770e0d5f18949f2

SHA256
c8af55b4b8a93f876782b19fa0227667d0719c5c3aeccdc49120f08b300c2171

SHA512
8bd53035f33b5be851133625a6580ed7282b1464ad601444841dff40533caed3c6f2f6fc0a2a0724fbb4d3d85f6256b2a06508d09e13aa9a081862440fdc9721

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
a508a2fb9a5d3571d2fdbc34015a9dba

SHA1
8c3d957aecbdbe61d622af9c4fc4c72d832f39cc

SHA256
8e99a77097ece81b01f295e029ec21ab830242c2efe2c16e06c7f5004f5dc6e7

SHA512
f73e1e6ef6da23be555d6f52bc59da32d50f95c56734bebf39e354ea69fd73268b0a198292f560265d4b99bfaebaf1362c31c4802099bf3edaf8280e872311e3

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
52fa126620ba974678a3f26de9a12ee1

SHA1
5f69eefd3e191c3db252ab5fc38f4a60066d0375

SHA256
f01841af7c5b339f0d8202edaadb7e18b441509d6721ff22a5c5dae957741123

SHA512
e7ab7895bc4fb067e7e0ea0319660b0f1620a30e78f06376fcd6095702941b1f44644fa65e865794f67f92521e0f9d313d5a4769064fb73984f0d666b3166a63

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
b9ffc613f157b9749e7f272305f8f369

SHA1
0eb8ec631e0cfd126c6b278de9c06cda7aa57041

SHA256
3a13c91dd39c6ff35ca10ded4300733e4de9f60836cee787b35d770c08ff7633

SHA512
3411176dac505e2d373f390fba300b9c19831c5779b03da2cb46db456d837b92db2e05eec629ad0532d7353e2398bdb7a433e3203ec3fd3b104165686944cd86

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
3b3d64b79f227c732acb3481aa958f53

SHA1
744356c613c1fcc71d6fb7c6fb58336100131649

SHA256
d2722624ef205e9789881529f3fc80de67f660296460e3d9bf07dc4785b25a9f

SHA512
5303beae775132922832b318ab74f0565d332b396eb4225acd135127aec2b908ad2f3264dbac01134efd85a9bd1eebfa756b8fe4151a408f2b606023edae3c41

Download Submit
/data/data/com.network.android/pex.dat

Filesize
12KB

MD5
138d764910cb46a05b83d5af830dcfd4

SHA1
583dafb10cbfa0941821d9fe721b4a28498ae656

SHA256
0aa2c4123b0ccd2e11f3ea6bf425488da6b7db400745fb43e8563aa1d5f95731

SHA512
874b0c9745cb1446ae6e826e7888b08e1e7127b790bf3842093d16499175922a6305c7244c9b42a854cd7685bbe18d879cb057d59ed45bd30fd9dc11748e3584

Download Submit
/data/data/com.network.android/srcsu.dat

Filesize
8KB

MD5
f091e95aa696a326b4b948869fd3df78

SHA1
3e2b4a81bac630973a990ed1e9e0a973158a818a

SHA256
5f1c4d94b3c91704c3955b8954ce543eecb292da4a58b7c61e7592adcffa0f33

SHA512
0b5ed603ca79db5a98e2b4e24d98eecedc7bcdc660efb37241f9c3e40a68e9fab5caac53a1a4e3fb6cfd99ac40c0ab8acf63d4e5ff96c7ab03aebec4f87b35f0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads