pegasus | 144778790d4a43a1d93dff6b660a6acb3a6d37a19e6a6f0a6bf1ef47e919648e[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

144778790d4a43a1d93dff6b660a6acb3a6d37a19e6a6f0a6bf1ef47e919648e.zip
Size

6.3MB
MD5

c044138a2086baaf70754526836aa3ae
SHA1

1a8c193f8ff50de9a6d7234b19166d849719176e
SHA256

318624b7bc903d1929fba21601c89bebf306e3a3f2632054314e08252c31aba3
SHA512

8338af8177d549c8fafbf5a5e16da59afddba159f787151fa9c66b565bcf7956274377bcd09e4eed20b5b8a29eb6e4e6a096dc108bdc2adde7496fb6a171a64f
SSDEEP

196608:AAYNB3/ux+SyAMsz+Ng4IZPuA2ES7xipcybw8x:tYT9hAMsze+PuAjKitFx

Score

10^/10

pegasus

Malware Config

Signatures

Pegasus family
pegasus

Pegasus payload 1 IoCs

resource	yara_rule
static1/unpack001/144778790d4a43a1d93dff6b660a6acb3a6d37a19e6a6f0a6bf1ef47e919648e.apk	family_pegasus1

Requests dangerous framework permissions 23 IoCs

description	ioc
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call.	android.permission.CALL_PHONE
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows an application to monitor incoming MMS messages.	android.permission.RECEIVE_MMS
Allows an application to read the user's calendar data.	android.permission.READ_CALENDAR
Allows an application to write the user's calendar data.	android.permission.WRITE_CALENDAR
Allows an application to write the user's contacts data.	android.permission.WRITE_CONTACTS
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an application to collect component usage statistics.	android.permission.PACKAGE_USAGE_STATS
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.	android.permission.PROCESS_OUTGOING_CALLS
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to receive WAP push messages.	android.permission.RECEIVE_WAP_PUSH
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to collect component usage statistics.	android.permission.PACKAGE_USAGE_STATS
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.	android.permission.PROCESS_OUTGOING_CALLS

Files

144778790d4a43a1d93dff6b660a6acb3a6d37a19e6a6f0a6bf1ef47e919648e.zip
.zip

Password: infected
144778790d4a43a1d93dff6b660a6acb3a6d37a19e6a6f0a6bf1ef47e919648e.apk
.apk android arch:arm

Password: infected

com.lenovo.safecenter

.MainTab.SplashActivity

Activities

.MainTab.SplashActivity

android.intent.action.MAIN

.MainTab.LeSafeMainActivity

com.lenovo.safecenter.mainTab

.MainTab.UpdateVersionActivity

com.lenovo.safecenter.updateAndPassword

.platform.AgainstTheftSet

com.lenovo.safecenter.AgainstTheftSet

.Laboratory.ForbiddenApplication

com.lenovo.safecenter.view.ForbiddenApplication

.Laboratory.GuestModeSet

com.lenovo.safecenter.view.GuestModeSet

.AppsManager.DialogActivity

com.lenovo.safecenter.view.DialogActivity

.safemode.SofeModeMain

com.lenovo.safecenter.safemode.SofeModeMain

.Laboratory.SafePaymentDialogActivity

com.lenovo.safecenter.view.LaboratoryActivity

.Laboratory.SafePaymentActivity

com.lenovo.safecenter.SafePaymentActivity

.lenovoAntiSpam.MainActivity

com.lenovo.safecenter.main

.antivirus.MainActivity

com.lenovo.safecenter.antivirus.main

.antivirus.views.FlashProActivity

com.lenovo.antivirus.gifmain

.antivirus.views.NotiSMSActivity

com.lenovo.antivirus.notice

.safemode.PrivateMainActivity

com.lenovo.safecenter.privatezone

.net.TrafficStatistics

com.lenovo.safecenter.net.traffic

.net.doublemode.NetSetting

com.lenovo.safecenter.net.setting

.Laboratory.AppUninstall

com.lenovo.safecenter.appuninstall

.shortcut.CleanAcitivty

android.intent.action.MAIN
android.intent.action.CREATE_SHORTCUT

.floatwindow.shortcut.ShortcutActivity

android.intent.action.CREATE_SHORTCUT

.lenovoAntiSpam.newview.WhiteABlackMain

com.lenovo.safecenter.manblack
com.lenovo.safecenter.manwhite

com.lenovo.install.InstallActivity

android.intent.action.VIEW

Permissions

android.permission.INTERNET
android.permission.READ_PHONE_STATE
android.permission.READ_CONTACTS
android.permission.READ_SMS
android.permission.CALL_PHONE
android.permission.SEND_SMS
android.permission.RECEIVE_SMS
android.permission.RECEIVE_MMS
android.permission.READ_CALENDAR
android.permission.WRITE_CALENDAR
android.permission.WRITE_CONTACTS
android.permission.WRITE_SMS
android.permission.WRITE_SETTINGS
android.permission.WRITE_SECURE_SETTINGS
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.BROADCAST_PACKAGE_REMOVED
android.permission.RESTART_PACKAGES
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.ACCESS_MOCK_LOCATION
android.permission.ACCESS_NETWORK_STATE
com.android.browser.permission.READ_HISTORY_BOOKMARKS
com.android.browser.permission.WRITE_HISTORY_BOOKMARKS
android.permission.FORCE_STOP_PACKAGES
android.permission.PACKAGE_USAGE_STATS
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.WAKE_LOCK
android.permission.VIBRATE
android.permission.MODIFY_PHONE_STATE
android.permission.PROCESS_OUTGOING_CALLS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.STATUS_BAR_SERVICE
android.permission.SYSTEM_ALERT_WINDOW
android.permission.READ_NETWORK_USAGE_HISTORY
android.permission.DELETE_PACKAGES
android.permission.GET_PACKAGE_SIZE
android.permission.READ_LOGS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.CHANGE_NETWORK_STATE
android.permission.GET_TASKS
android.permission.MOUNT_FORMAT_FILESYSTEMS
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.BROADCAST_WAP_PUSH
android.permission.RECEIVE_WAP_PUSH
android.permission.ACCESS_WIFI_STATE
android.permission.BATTERY_STATUS
android.permission.CHANGE_WIFI_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.BLUETOOTH_ADMIN
android.permission.BLUETOOTH
android.permission.VIBRATE
android.permission.FORCE_STOP_PACKAGES
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_FINE_LOCATION
android.permission.WRITE_SYNC_SETTINGS
android.permission.DEVICE_POWER
android.permission.SYSTEM_ALERT_WINDOW
android.permission.DELETE_CACHE_FILES
android.permission.BROADCAST_PACKAGE_REMOVED
android.permission.RESTART_PACKAGES
android.permission.ACCESS_MOCK_LOCATION
com.android.browser.permission.READ_HISTORY_BOOKMARKS
com.android.browser.permission.WRITE_HISTORY_BOOKMARKS
android.permission.PACKAGE_USAGE_STATS
android.permission.WAKE_LOCK
android.permission.MODIFY_PHONE_STATE
android.permission.PROCESS_OUTGOING_CALLS
android.permission.STATUS_BAR_SERVICE
android.permission.SET_ACTIVITY_WATCHER
android.permission.WRITE_MEDIA_STORAGE
android.permission.MASTER_CLEAR
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
com.android.launcher.permission.READ_SETTINGS
android.permission.MOVE_PACKAGE
android.permission.CLEAR_APP_CACHE
android.permission.ACCESS_WIFI_SATAE
android.permission.BATTERY_STATUS
android.permission.BLUETOOTH

Receivers

com.lenovo.lps.sus.control.SUSReceiver

com.lenovo.lps.sus.ACTION_UPDATE

.platform.BootBroadcast

android.intent.action.BOOT_COMPLETED
android.intent.action.SIM_STATE_CHANGED

.platform.NoticeBroadcast

lenovo.use.permission.denied
com.safecenter.broadcast.openChildMode
com.safecenter.broadcast.openPrivacyMode
com.safecenter.broadcast.openGuestMode
com.lenovo.safecenter.view.DialogActivity

.broadcast.AppBroadcast

android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED

.broadcast.HarassLogBroadcast

ACTION_BLACK_MESSAGE
ACTION_BLACK_PHONE
com.lenovo.antivirus.notify

.broadcast.SmsBroadcast

lenovo.backgroud.sendsms
SENT_SMS_ACTION

.support.SMSCheckReceiver

android.provider.Telephony.SMS_RECEIVED
android.provider.Telephony.SMS_RECEIVED_ON_SIM

.support.OutPhoneReceiver

android.intent.action.USER_PRESENT

.support.CheckInterChangeReceiver

com.lenovo.antispam.blackperson.change
com.lenovo.antispam.whiteperson.change
com.lenovo.antispam.netperson.change
com.lenovo.securityperson.change
com.lenovo.antispam.blackperson..provider.change

.utils.updateLab.UpdateLabReceiver

com.lenovo.antivirus.updateresult
com.lenovo.antivirus.queryresult
com.lenovo.antispam.blackupdateresult
com.lenovo.antispam.blackqueryresult
com.lenovo.antispam.sysupdateresult
com.lenovo.antispam.sysqueryresult
com.lenovo.safecenter.Broadcast.updateLab
com.lenovo.antispam.signcallupdateresult
com.lenovo.antispam.signcallqueryresult

.utils.updateLab.WifiConnectedReceiver

android.net.wifi.STATE_CHANGE

.lenovoAntiSpam.support.SMSCheckReceiver

android.provider.Telephony.SMS_RECEIVED
android.provider.Telephony.SMS_RECEIVED_ON_SIM

.broadcast.SafeInputMethodBroadcast

com.lenovo.safecenter.safeinputmethod

.broadcast.UpdateTrafficReceiver

com.lenovo.safecenter.updatetrafficbar.broadcast
com.lenovo.safecenter.init.trafficbar

.antivirus.support.BootBroadcastReceiver

action.forcestop.antivirus
action.antivirus.init

.antivirus.support.AppBroadcast

android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.intent.action.PACKAGE_REPLACED

.antivirus.support.alarmreceiver

android.net.conn.CONNECTIVITY_CHANGE

.net.support.BootBroadcast

android.intent.action.BOOT_COMPLETED
android.intent.action.ACTION_SHUTDOWN
android.intent.action.PACKAGE_ADDED
android.intent.action.PACKAGE_REMOVED
android.net.conn.CONNECTIVITY_CHANGE
com.lenovo.safecenter.traffic.correction
android.intent.action.AIRPLANE_MODE

.support.MMSReceiver

android.provider.Telephony.WAP_PUSH_RECEIVED

.antivirus.support.DeleteSDFileBroadcast

action.antivirus.delete.sdfile

.broadcast.InputMethodChangeBroadcast

android.intent.action.INPUT_METHOD_CHANGED
com.safecenter.boot.safeinput

com.lenovo.performancecenter.service.object.KillAllPackageReceiver

com.lenovo.safecenter.PERFORMANCE_KILL_ALL_PROCESSES
com.lenovo.safecenter.PERFORMANCE_KILL_SINGLE_PROCESS
com.lenovo.safecenterwidget.RECORD_KILL_EVENT
com.lenovo.safecenter.clearapp

com.lenovo.performancecenter.framework.LeemCenterReceiver

android.intent.action.BOOT_COMPLETED
com.lenovo.safecenter.activityswitch

.mmsutils.PushReceiver

android.provider.Telephony.WAP_PUSH_RECEIVED

.Laboratory.SafeHomePageBroadcast

com.lenovo.safecenter.activityswitch

Services

.broadcast.AlarmService

com.lenovo.antitheft.ALARM

.broadcast.sendMsgService

com.lenovo.antitheft.SENDMESSAGE

.lenovoAntiSpam.support.DownSysService

com.lenovo.antispam.sysupdate
com.lenovo.antispam.sysquery

.lenovoAntiSpam.support.DownNetBlackService

com.lenovo.antispam.netblackupdate
com.lenovo.antispam.netblackquery

.lenovoAntiSpam.support.DownSignCallService

com.lenovo.antispam.signcallquery
com.lenovo.antispam.signcallupdate

.antivirus.support.dowmdataService

com.lenovo.antivirus.query
com.lenovo.antivirus.update

.broadcast.LockScreenService

com.lenovo.safecenter.lockscreenservice

.net.support.InitializeService

com.lenovo.safecenter.traffic.service.RTC
com.lenovo.safecenter.deletetraffic.service.RTC
com.lenovo.safecenter.updatetrafficbar.service.RTC
com.lenovo.safecenter.correct.traffic.SIM.service.RTC
com.lenovo.safecenter.correct.traffic.SIM2.service.RTC
com.lenovo.safecenter.notice.traffic.ui.service.RTC

com.lenovo.safecenter.aidl.killvirus.RemoteScanVirusService

com.lenovo.safecenter.aidl.killvirus.RemoteScanVirus

com.lenovo.safecenter.aidl.healthcheck.RemoteHealthCheckService

com.lenovo.safecenter.aidl.healthcheck.RemoteHealthCheck

com.lenovo.safecenter.aidl.usbdebugmode.RemoteUsbDebugModeService

com.lenovo.safecenter.aidl.usbdebugmode.RemoteSetUsbDebugMode

com.lenovo.performancecenter.framework.CustomerWhiteListService

com.lenovo.performancecenter.framework.CustomerWhiteListService
LenovoSafeBox455.apk
.apk android

Password: infected

com.lenovo.safebox

com.lenovo.lps.sus.control.SUSPromptActivity

Activities

.PrivateSpaceActivity

com.lenovo.safecenter.LENOVO_SAFEBOX

.AddAppActivity

com.lenovo.safecenter.LENOVO_APPLOCK

.VisitControlActivity

com.lenovo.safebox.VISIT_CONTROL

Permissions

android.permission.WRITE_EXTERNAL_STORAGE
android.permission.INTERNET
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.GET_TASKS
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.SYSTEM_ALERT_WINDOW
android.permission.ACCESS_WIFI_STATE
android.permission.ACCESS_NETWORK_STATE
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.READ_PHONE_STATE
android.permission.READ_LOGS
android.permission.WRITE_SETTINGS
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.WRITE_SETTINGS
com.android.launcher.permission.READ_SETTINGS

Receivers

com.lenovo.safebox.PrivacySpaceReceiver

android.intent.action.MEDIA_MOUNTED
android.intent.action.MEDIA_SCANNER_FINISHED

.service.BootReceiver

android.intent.action.MEDIA_EJECT
android.intent.action.MEDIA_MOUNTED
android.intent.action.BOOT_COMPLETED
android.intent.action.USER_PRESENT

com.lenovo.lps.sus.control.SUSReceiver

com.lenovo.lps.sus.ACTION_UPDATE

Services

com.lenovo.safebox.service.WatchAppService

com.lenovo.safebox.NO_SERVICE

com.lenovo.safebox.service.MonitorAppService

com.lenovo.safebox.WATCH_APP_SERVICE
LenovoSafeWidget115.apk
.apk android

Password: infected

com.lenovo.safecenterwidget

.DownloadLeSafeActivity

Activities

Permissions

android.permission.KILL_BACKGROUND_PROCESSES
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.ACCESS_WIFI_SATAE
android.permission.READ_PHONE_STATE

Receivers

.MemClear4X1

android.appwidget.action.APPWIDGET_UPDATE
android.intent.action.USER_PRESENT
com.lenovo.safewidget.memory.refresh
com.lenovo.safewidget.memory.entrysafecenter
com.lenovo.safecenter.PERFORMANCE_GET_KILL_RESULT
com.lenovo.safecenter.PERFORMANCE_EXE_SHORTCUT
com.lenovo.safecenterwidget.ok
com.lenovo.safecenter.PERFORMANCE_RECORD_KILL_EVENT

Services

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

com.lenovo.safecenter

.MainTab.SplashActivity

Activities

.MainTab.SplashActivity

.MainTab.LeSafeMainActivity

.MainTab.UpdateVersionActivity

.platform.AgainstTheftSet

.Laboratory.ForbiddenApplication

.Laboratory.GuestModeSet

.AppsManager.DialogActivity

.safemode.SofeModeMain

.Laboratory.SafePaymentDialogActivity

.Laboratory.SafePaymentActivity

.lenovoAntiSpam.MainActivity

.antivirus.MainActivity

.antivirus.views.FlashProActivity

.antivirus.views.NotiSMSActivity

.safemode.PrivateMainActivity

.net.TrafficStatistics

.net.doublemode.NetSetting

.Laboratory.AppUninstall

.shortcut.CleanAcitivty

.floatwindow.shortcut.ShortcutActivity

.lenovoAntiSpam.newview.WhiteABlackMain

com.lenovo.install.InstallActivity

Permissions

Receivers

com.lenovo.lps.sus.control.SUSReceiver

.platform.BootBroadcast

.platform.NoticeBroadcast

.broadcast.AppBroadcast

.broadcast.HarassLogBroadcast

.broadcast.SmsBroadcast

.support.SMSCheckReceiver

.support.OutPhoneReceiver

.support.CheckInterChangeReceiver

.utils.updateLab.UpdateLabReceiver

.utils.updateLab.WifiConnectedReceiver

.lenovoAntiSpam.support.SMSCheckReceiver

.broadcast.SafeInputMethodBroadcast

.broadcast.UpdateTrafficReceiver

.antivirus.support.BootBroadcastReceiver

.antivirus.support.AppBroadcast

.antivirus.support.alarmreceiver

.net.support.BootBroadcast

.support.MMSReceiver

.antivirus.support.DeleteSDFileBroadcast

.broadcast.InputMethodChangeBroadcast

com.lenovo.performancecenter.service.object.KillAllPackageReceiver

com.lenovo.performancecenter.framework.LeemCenterReceiver

.mmsutils.PushReceiver

.Laboratory.SafeHomePageBroadcast

Services

.broadcast.AlarmService

.broadcast.sendMsgService

.lenovoAntiSpam.support.DownSysService

.lenovoAntiSpam.support.DownNetBlackService

.lenovoAntiSpam.support.DownSignCallService

.antivirus.support.dowmdataService

.broadcast.LockScreenService

.net.support.InitializeService

com.lenovo.safecenter.aidl.killvirus.RemoteScanVirusService

com.lenovo.safecenter.aidl.healthcheck.RemoteHealthCheckService

com.lenovo.safecenter.aidl.usbdebugmode.RemoteUsbDebugModeService

com.lenovo.performancecenter.framework.CustomerWhiteListService

Password: infected

com.lenovo.safebox

com.lenovo.lps.sus.control.SUSPromptActivity

Activities

.PrivateSpaceActivity

.AddAppActivity

.VisitControlActivity

Permissions