pegasus | ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5

Analysis

max time kernel
176s
max time network
1767s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
18-12-2024 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ADE8BEF0AC29FA363FC9AFD958AF0074478AEF650ADEB0318517B48BD996D5D5.apk
Size

257KB
MD5

7c3ad8fec33465fed6563bbfabb5b13d
SHA1

e5920f3723e62e1850157f09baf556006bf80f74
SHA256

ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5
SHA512

75da7c118879d9430fb13c5a51d76e1278f0c1474d5cc25c4b9684b7d8c0f93b2e44584eee0f8b0d12016bc1efad367b45ff9ca5609853ae345b6d802ff63d10
SSDEEP

6144:OiJF1SCwcTjQGPihLcfUmu9XuS0nbkDIyTkRJ0P1d41RiFV1iFuU:OqF1VHzqLcfIJ4bqIeP9d4jkKFuU

Score

10^/10

pegasus collection discovery infostealer trojan

Malware Config

Signatures

Pegasus
Pegasus is a commercial Android spyware first seen in 2016.
infostealer trojan pegasus
Pegasus family
pegasus

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.network.android

Reads the content of the browser bookmarks. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://browser/bookmarks	com.network.android

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.network.android

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.network.android

com.network.android
1⤵
- Reads the contacts stored on the device.
- Reads the content of the browser bookmarks.
- Reads the content of the call log.
- Queries information about active data network
PID:4802

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Data from Local System

T1533

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
1a675e8052feae4feff0fb870441fca9

SHA1
1de1d956d7e34cba4f3c03e63c3bd4dece6c3d09

SHA256
ac575135dfe3a8c0c9deffb8672444fb02545d3551ff8ec378252b0f5626c192

SHA512
fc1a5518ca0e565873e3dbffe449e25288d102468a3ccb3f78ceecf0eb153d3dd55377942e5fca31144db688d6e33ca79b9e414bc9a7fc22c966c1fa93b99ec4

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
d69ee05b880d57792f4a323ec0b9781a

SHA1
28ad2787a3c86387b9d0ec3ce52e400a476b976f

SHA256
2a785c0ff694d9c43b7712b2de8d7e6d010a5b9d4db463b6ac600334c2be21aa

SHA512
08bfb4844753b5ccdc2f7bb13f638d201ea07f15972486aa405894507e20a7f1d77d998113e04bf31432a42cd9971ea947f50db55066e15f280b84fac1145ba2

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
c93fd8d417ea402ee8bc82098380d7e9

SHA1
1a0d453e2693c238390ecc67abcc8efae8f31c43

SHA256
2d223ab3ccfe8140970b3950cf11feae4caafb3288d6943af5388d5ee2b3097e

SHA512
2623aba560e8f069eda5c6dd586a01ab7698743ce877469d2655201374ad60c101f22675581fa3912d0b07ca410088f376bc2037b395785eb9f719d00f260491

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
9298d6f4cf1819d584d605768058e9b6

SHA1
34cd8d7901ba8f7025f8f83f869ebbf0665e7dd2

SHA256
0503ba701104c92b2e88d7cca0e2e1d2c5569b447ef9064be64edd773171f92c

SHA512
941450335b6f5f6996b4144f3c8fdb05c09fcf63597521eb6fd0512dd886b60f9bdcd4f7767f84cf72c0f7f69701933d762df9bb4f595238ddd37ff93fe797b1

Download Submit
/data/user/0/com.network.android/databases/NetworkManagerData.db

Filesize
16KB

MD5
f64a816e653835b07054fb6ff9c91524

SHA1
8a78b568a09bfa940d8d4c1d889c92dd962047ac

SHA256
f942e329bb4d8e844e2ee2cee3fa71212fbf26c1016a5dec8eaf529716d0479a

SHA512
32195c3faf677215d7e9a9c1809585c93b981edea59c111d41110df1a10913edce7b11d2ca12c83b01cc0fd57ce4667ad9f101fbff4273de4a020919e718dd10

Download Submit
/data/user/0/com.network.android/databases/NetworkManagerData.db-journal

Filesize
8KB

MD5
3f916fb9d93ba8e16c2f758c742bb108

SHA1
9182b9e44880f426cca98474c3ec8c35796766c6

SHA256
833634cf5ad1f1f42f1a3c9b139b7314e9cf7431f0d7248a67b43f7ffda294ca

SHA512
f52662601523cf84b8a0327de1a72c7971f1cf8927f4298d5603ff82ce9ade2a75df18ccc7d8d9e6006a41387784e78b2ebfd8f563568a81b1e958f5dca93fa8

Download Submit
/data/user/0/com.network.android/databases/NetworkManagerData.db-journal

Filesize
8KB

MD5
dcb0fe5e4eafb50740e685a837701ff8

SHA1
a917e27ad21f0449b9736dd4f3a2b2fe82719b52

SHA256
e2d10deb2edbf9b12eb07f1959eda9fcb96757107024c75a5011e22e657e334b

SHA512
b7a4abe348ea9e9432e4d6db12b0e8812a816b1c4cfa941071ad203102a9c1ca6fd3eeaaaf470f64b89daace767ab3ab4d905dd7bd74f9fb874264589475aa3c

Download Submit
/data/user/0/com.network.android/databases/NetworkManagerData.db-journal

Filesize
512B

MD5
062f671934d2532ed0be4ae367b46ac8

SHA1
a83365ca1930c81ad60325d6468f30d9ccce4707

SHA256
abf7bd87a5089ba01c70a214821bc13127097a4ea28ee2eb156868cf1ac65246

SHA512
6fd0b48f993b847f0ad54b0bcfaf23b6eab4538756594777f94b48406df235357625fbce9fd7ac2bbcab58f21822f78c36957a3c21000af0568d4bdf8b0531c9

Download Submit
/data/user/0/com.network.android/pex.dat

Filesize
12KB

MD5
138d764910cb46a05b83d5af830dcfd4

SHA1
583dafb10cbfa0941821d9fe721b4a28498ae656

SHA256
0aa2c4123b0ccd2e11f3ea6bf425488da6b7db400745fb43e8563aa1d5f95731

SHA512
874b0c9745cb1446ae6e826e7888b08e1e7127b790bf3842093d16499175922a6305c7244c9b42a854cd7685bbe18d879cb057d59ed45bd30fd9dc11748e3584

Download Submit
/data/user/0/com.network.android/srcsu.dat

Filesize
8KB

MD5
f091e95aa696a326b4b948869fd3df78

SHA1
3e2b4a81bac630973a990ed1e9e0a973158a818a

SHA256
5f1c4d94b3c91704c3955b8954ce543eecb292da4a58b7c61e7592adcffa0f33

SHA512
0b5ed603ca79db5a98e2b4e24d98eecedc7bcdc660efb37241f9c3e40a68e9fab5caac53a1a4e3fb6cfd99ac40c0ab8acf63d4e5ff96c7ab03aebec4f87b35f0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads