MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 144778790d4a43a1d93dff6b660a6acb3a6d37a19e6a6f0a6bf1ef47e919648e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Pegasus


Vendor detections: 5



SHA256 hash: 144778790d4a43a1d93dff6b660a6acb3a6d37a19e6a6f0a6bf1ef47e919648e
SHA3-384 hash: b49d802f2103a7e98d9705461e0ce4a0f5dcddab462b27394b0a1e1559c81d3a4d8134f83f57647f9f37a731baa979b8
SHA1 hash: aa47b601dd3a01cf0ec5e2e6da5c4f90c49ba71d
MD5 hash: 29183814f45616d831fdc139e3113718
humanhash: winter-rugby-friend-cola
File name: com.lenovo.safecenter.apk
Signature: Pegasus
File size: 7'335'631 bytes
First seen: 2021-07-22 21:38:51 UTC
Last seen: 2023-11-11 13:04:38 UTC
File type: apk
MIME type: application/java-archive
ssdeep: 196608:pJVfGouCB8oMxqANNjYYUMLRoCRMggq2k+E9p+o3k:prf7uC/Mxq4YSLRowMPqj+E9Io3k
TLSH: T1777612B3F749E8A5D0E3A2339671521660224C708F13EAA33E5EB5341FF7EC45689E85
Reporter: Arkbird_SOLG
Tags: apk Pegasus signed

Code Signing Certificate

Organisation: LeOS
Issuer: LeOS
Algorithm: sha1WithRSAEncryption
Valid from: 2010-12-16T07:01:18Z
Valid to: 1974-10-16T00:33:02Z
Serial number: 854e5e1bfc1ce89a
Thumbprint Algorithm: SHA256
Thumbprint: 991c989778732815e50d7e788c454d0893cf9b195c1a29ff4def161f848217d8
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin

# of uploads: 2
# of downloads: 354
Origin country: n/a

Vendor Threat Intelligence

Result

Threat name: Unknown
Detection: malicious
Classification: rans.troj.spyw.evad
Score: 96 / 100

Signature

Antivirus / Scanner detection for submitted sample
Attempts to mount system partition as writable
Deletes call logs
Deletes other packages
Ends incoming calls
Kills background processes
Might try to detect if ADB is running
Multi AV Scanner detection for submitted file
Queries the device phone number (MSISDN)
Registers a broadcast receiver to intercept incoming SMS
Tries to change file permissions on the native system using chmod
Uses command line tools to install new APKs

Behaviour

Behavior Graph: n/a

Threat name: Android.Spyware.Guardian
Status: Malicious
First seen: 2016-03-20 02:17:47 UTC
File Type: Binary (Archive)
Extracted files: 1572
AV detection: 10 of 44 (22.73%)
Threat level: 2/5

Result

Malware family: n/a
Score: 8/10
Tags: android

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: adonunix2
Author: Tim Brown @timb_machine
Description: AD on UNIX

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments



commented on 2023-11-11 13:05:03 UTC

https://medium.com/@brotheralameen/malware-analysis-of-pegasus-spyware-70fe090f7cc2