pegasus | cdc4645f8705dd614528ac63a6cecce5b35dc931ce15d6c5421c91b47cb860e6

Analysis

max time kernel
176s
max time network
491s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
22/03/2025, 11:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5.apk
Size

257KB
MD5

7c3ad8fec33465fed6563bbfabb5b13d
SHA1

e5920f3723e62e1850157f09baf556006bf80f74
SHA256

ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5
SHA512

75da7c118879d9430fb13c5a51d76e1278f0c1474d5cc25c4b9684b7d8c0f93b2e44584eee0f8b0d12016bc1efad367b45ff9ca5609853ae345b6d802ff63d10
SSDEEP

6144:OiJF1SCwcTjQGPihLcfUmu9XuS0nbkDIyTkRJ0P1d41RiFV1iFuU:OqF1VHzqLcfIJ4bqIeP9d4jkKFuU

Score

10^/10

pegasus collection discovery persistence stealer trojan

Malware Config

Signatures

Pegasus
Pegasus is a commercial Android spyware first seen in 2016.
stealer trojan pegasus
Pegasus family
pegasus

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.network.android

Reads the content of the browser bookmarks. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://browser/bookmarks	com.network.android

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.network.android

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.network.android

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.network.android

com.network.android
1⤵
- Reads the contacts stored on the device.
- Reads the content of the browser bookmarks.
- Reads the content of the call log.
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5168

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Data from Local System

T1533

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.network.android/databases/NetworkManagerData.db

Filesize
16KB

MD5
2839279a9a853a40909c1dca03d2337f

SHA1
03baa059604d878e22917202fd90fb5f7de635ce

SHA256
97c1943ed1e984e7af5d8c490197075b8e43af11568663abee7c61f4e2caf0d8

SHA512
bc63d7854eee474c97373a207031f7358bcb8330dcbab015cf2515e21728c0d0737fd3e452e3d4c4be2c52ff00a86a472592c540e374d3293141c425b276de56

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
8KB

MD5
536ba22a2e41d8dde08954148097c820

SHA1
aa97363524fd39f05bbe10947858f6935e261612

SHA256
d2a6499ff354e28b20bbf89f53d81a49912a939f1b9d829037d3a4b9860ff2fc

SHA512
017b1b2a9ada9bd193420c1cb10282f9403c347b94844178a1880d7bfc318f64bea57764079956f2ae6618761ea96c1ef51eb18d4aaa2f191c7b940d997ba66c

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
8KB

MD5
c8b897ad8c2e95f556dc6010071bce93

SHA1
692752e20a1c95030015fafd320c1d1f5fdfeb79

SHA256
885b31ccd172aef7af278345e9fe0b1165caa0a8d156550a496ee100ffb0c9b1

SHA512
48d7133de9247ac1191dc00cd505736254cc0bd39931fc66bc62904bc3757a1c7d050e403601497659da45898e19a9d9acb44f5a54df2d50687bcc8d0ad2b0d3

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
512B

MD5
f8f2a781ff0a44ed857cb888b1c4bc6e

SHA1
d739853b4771a36a108da125e4dcd740c49670ef

SHA256
cd66176811f19effc53775a6b968351fec0a828046a40f880fc5c82a208c7d88

SHA512
e0fed7651ac43bb02abeb6858599086867224aca667019788d4278e56333b8a7857101d57acefb1dcc11c942f8bfe9e6e7f6d4a96f1835899632b1d8b3cecd85

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
0f5670df27fbacc1e71786f3674f1f20

SHA1
955bd913cf9e616e35651faa88ed674cb2a88816

SHA256
4eb2044abe91aa9c4e46459be0e47511ddd39e9913708fd3cad2d9280314d64b

SHA512
58c177f0eab2c8be2a8065d203ca7e9fe4737448e3925356e47026b0631ddc9b55ed6f3e8caa84a9201aa88422771da9d5ebb2e082748f5785ab049aef72dded

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
c693cdd9e3d2ddcba34e2e8e052d0c23

SHA1
e1aa20cbfd41f10f73bf78c8d096dd593ecd26f3

SHA256
126b7ad4ed7079023516965fac740080f7f0c75c01122c85ac17696b7b759203

SHA512
b660ae59c01f06fc3e18c4278828548bcf1f47bca7d85cfdd7185f41576571f55719ef8912188bb60adfcf64afdca2d4ef03bcdafd93543f4367937ed3e90e63

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
d97838070510fd2f443b474675f94e1f

SHA1
3347b601fbf688d36bca2b24863d71fbaf1d7f75

SHA256
3c9b530ad3d58710f7751d6c5db19846c34c3b3fa3cfa2bf60c45e777749cdd0

SHA512
5ea8b2f2087fc22476609c8fc7c255dd68557d4ff4d9ea6c4ea5bade7ca500fb34940e2d72aa28f24fa10e5cbc75152318affe2151f4eb9be1dc1b8c50b50242

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
8e8c76dc6391d96b22c4132735202aa6

SHA1
aa1a3853fc5c3684064edb9341c271dd167dd34c

SHA256
4bf9d656be8d2de5820e57e00b252c8b4d651458bd139571706545b1395e7811

SHA512
d4e5e50909e2c278d4b903cfb022ebf09f21f1921110f1dca61e09fa3d9ea39a1260059e6c8766807b61c0f3e27d177d6711e4f67ae40e685a6868a97f7d7903

Download Submit
/data/data/com.network.android/pex.dat

Filesize
12KB

MD5
138d764910cb46a05b83d5af830dcfd4

SHA1
583dafb10cbfa0941821d9fe721b4a28498ae656

SHA256
0aa2c4123b0ccd2e11f3ea6bf425488da6b7db400745fb43e8563aa1d5f95731

SHA512
874b0c9745cb1446ae6e826e7888b08e1e7127b790bf3842093d16499175922a6305c7244c9b42a854cd7685bbe18d879cb057d59ed45bd30fd9dc11748e3584

Download Submit
/data/data/com.network.android/srcsu.dat

Filesize
8KB

MD5
f091e95aa696a326b4b948869fd3df78

SHA1
3e2b4a81bac630973a990ed1e9e0a973158a818a

SHA256
5f1c4d94b3c91704c3955b8954ce543eecb292da4a58b7c61e7592adcffa0f33

SHA512
0b5ed603ca79db5a98e2b4e24d98eecedc7bcdc660efb37241f9c3e40a68e9fab5caac53a1a4e3fb6cfd99ac40c0ab8acf63d4e5ff96c7ab03aebec4f87b35f0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads