pegasus | cdc4645f8705dd614528ac63a6cecce5b35dc931ce15d6c5421c91b47cb860e6

Analysis

max time kernel
112s
max time network
149s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
22/03/2025, 12:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5.apk
Size

257KB
MD5

7c3ad8fec33465fed6563bbfabb5b13d
SHA1

e5920f3723e62e1850157f09baf556006bf80f74
SHA256

ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5
SHA512

75da7c118879d9430fb13c5a51d76e1278f0c1474d5cc25c4b9684b7d8c0f93b2e44584eee0f8b0d12016bc1efad367b45ff9ca5609853ae345b6d802ff63d10
SSDEEP

6144:OiJF1SCwcTjQGPihLcfUmu9XuS0nbkDIyTkRJ0P1d41RiFV1iFuU:OqF1VHzqLcfIJ4bqIeP9d4jkKFuU

Score

10^/10

pegasus collection discovery persistence stealer trojan

Malware Config

Signatures

Pegasus
Pegasus is a commercial Android spyware first seen in 2016.
stealer trojan pegasus
Pegasus family
pegasus

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.network.android

Reads the content of the browser bookmarks. 1 TTPs 1 IoCs

collection

Data from Local System

T1533

description	ioc	Process
URI accessed for read	content://browser/bookmarks	com.network.android

Reads the content of the call log. 1 TTPs 1 IoCs

collection

Call Log

T1636.002

description	ioc	Process
URI accessed for read	content://call_log/calls	com.network.android

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.network.android

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.network.android

com.network.android
1⤵
- Reads the contacts stored on the device.
- Reads the content of the browser bookmarks.
- Reads the content of the call log.
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4337

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Data from Local System

T1533

Protected User Data

T1636

Call Log

T1636.002

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.network.android/databases/NetworkManagerData.db

Filesize
16KB

MD5
b1b07690091ef56446cb1e2105e92d78

SHA1
a7c2ff91432530df5e42131b557029d481f5f44e

SHA256
2cbd6c123ba0396b016401cc9590cf6b7ce23538f57398e34615cdd614bda3cb

SHA512
89f4f33b7cd99eb06c1ee71baba6724ac1297f006789070f4bb1441f0de113ad7685995884f47356f8bcfeb559c4e7d57d2dc2fc4321bda21208a87b1ba0bacb

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-journal

Filesize
512B

MD5
05e2e2aba84e8b475e9b1f3e54cac958

SHA1
4e5d17fdabe5d1d75a1b73a80a8840004321cd49

SHA256
41c5f438b06a717967897af1ff040ca7d5fe39d297e8cb174cdf392ddb19ead9

SHA512
78531e5835ab69cecb491184d4d5da6a7323bcf27576fa128b299f72fc52c6a91519dd6b5755ed3a1da4d526b3be2a3e98e3a8096dd40b8672b8cfa7528d8e3f

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.network.android/databases/NetworkManagerData.db-wal

Filesize
28KB

MD5
9d648ff8d7592e6a18200413b3c25856

SHA1
a1780c039ee4d5713533373b1c3c8341832ae0a9

SHA256
805be6cb092b80c425c46f1bf3da941e86059787decc12e13598df405b4c3dde

SHA512
525485ded4fa8433d563dee97d7e3cec93dc4566d981f2d4857f461a794ddc40d35193a04eac2a37b30363b1dd78d0acf1f6c12a316571fd05337781a6e7d161

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
21a85088d1695a24ce9c5005d6bf2dc7

SHA1
bfa1d2e6807d0b9426536d5db71249c2f986bafb

SHA256
fa39431eeaaf36e2e97d6815178fc019404ed774f9eafa7c2a6adc4c5a100f07

SHA512
093b72833f3ceadf7a5915312a5523afbf02576c47c43670eb2943a7d0403a1538acd680ea58c94b1c056362f4463cf032f8c3cccec3a8c12fd6337648701c6a

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
74f24494c4bf4957a5641017088efc98

SHA1
200a9e6932ce875cfbbf9133c997e3f24bbb3044

SHA256
e489122948eda2aac45724827442df18126c35551db08f7bcc53055ad4e13047

SHA512
b0c2750cc486435926d9a012234fcdd9fad1a6bfe6eaeba4e144c9328c3ed923cfb5c251bc03e40c0e419b1b85e5c9ffc7e23cdd22082952974644f309272838

Download Submit
/data/data/com.network.android/logs/0vlt.dat

Filesize
12B

MD5
b31a30404fdd1a84a60ad10e4bbe8d4f

SHA1
5e6eb677beca7ee8db914145cc699c964822957a

SHA256
215d92ad797751a68969f37c7cceb955177e046146fffdca5343ccb1c9e8a8ef

SHA512
331a0b745e6e78df233e4910aa86c5d3e83220b3aa2c46e03fda6ef410d1da6c42cdb638336f5ad9b2e5eeae08eac53de57ea091eb46043c73079d21bf7fcbfd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads