Analysis
max time kernel: 179s
max time network: 179s
platform: android_x64
resource: android-x64-20240624-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
submitted: 02-07-2024 00:08
Behavioral task: behavioral1
Sample: Headshot GFX Tool and Sensitivity settings Guide_1.0_APKPure.apk
Resource: android-x64-20240624-en
-
Behavioral task: behavioral2
Sample: Headshot GFX Tool and Sensitivity settings Guide_1.0_APKPure.apk
Resource: android-x64-arm64-20240624-en
-
Behavioral task: behavioral3
Sample: Headshot GFX Tool and Sensitivity settings Guide_1.0_APKPure.apk
Resource: android-33-x64-arm64-20240624-en
-
Behavioral task: behavioral4
Sample: Headshot GFX Tool and Sensitivity settings Guide_1.0_APKPure.apk
Resource: android-x86-arm-20240624-en
General
Target: Headshot GFX Tool and Sensitivity settings Guide_1.0_APKPure.apk
Size: 13.6MB
MD5: 4d3833446c806d12317eff6fcf5a2ac1
SHA1: 39faddbe2c58a373f7f4d26b9ec00202a79ef7fb
SHA256: 9534297f808b1faa8d6be0dc9485c7081e0208211110bca24b1642aa4318c3c9
SHA512: 391037468a8ee326d5e3d0c178000136bc9496822ad901b01576a7845fa1e8160971e7bded78ab19a894c8bc61b99e24a1807f799eacd093319a837d6e2c5189
SSDEEP: 196608:S2ZyIdmW99evCihSdHO+L4kzTiBHY23XznWSgNLifYJV1Dlo8wnF1vQAAqWWpY1:tLdLVnF4QuHYODZgNLIqLDOvxWWm
Malware Config
Signatures
-
Checks if the Android device is rooted. (1 TTPs, 1 IoCs)
Processes:
ioc: /system/app/Superuser.apk; process: com.livevideocallingapps.headshot
-
Loads dropped Dex/Jar (1 TTPs, 3 IoCs)
Runs executable file dropped to the device during analysis.
Processes:
ioc: /data/user/0/com.livevideocallingapps.headshot/cache/1608138930680.jar; pid: 4939; process: com.livevideocallingapps.headshot
ioc: /data/user/0/com.livevideocallingapps.headshot/files/audience_network.dex; pid: 4939; process: com.livevideocallingapps.headshot
ioc: /data/user/0/com.livevideocallingapps.headshot/files/audience_network.dex; pid: 4939; process: com.livevideocallingapps.headshot
-
Makes use of the framework's Accessibility service (4 TTPs, 1 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
Processes:
description: Framework service call; ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId; process: com.livevideocallingapps.headshot
-
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes:
description: Framework service call; ioc: android.content.IClipboard.addPrimaryClipChangedListener; process: com.livevideocallingapps.headshot
-
Queries information about running processes on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about running processes on the device.
Processes:
description: Framework service call; ioc: android.app.IActivityManager.getRunningAppProcesses; process: com.livevideocallingapps.headshot
-
Acquires the wake lock (1 IoCs)
Processes:
description: Framework service call; ioc: android.os.IPowerManager.acquireWakeLock; process: com.livevideocallingapps.headshot
-
Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
description: Framework service call; ioc: android.app.IActivityManager.setServiceForeground; process: com.livevideocallingapps.headshot
-
Queries information about active data network (1 TTPs, 1 IoCs)
Processes:
description: Framework service call; ioc: android.net.IConnectivityManager.getActiveNetworkInfo; process: com.livevideocallingapps.headshot
-
Queries the mobile country code (MCC) (1 TTPs, 1 IoCs)
Processes:
description: Framework service call; ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone; process: com.livevideocallingapps.headshot
-
Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTPs, 1 IoCs)
Processes:
description: Framework service call; ioc: android.app.IActivityManager.registerReceiver; process: com.livevideocallingapps.headshot
-
Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
description: Framework service call; ioc: android.app.job.IJobScheduler.schedule; process: com.livevideocallingapps.headshot
-
Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
Processes:
description: Framework API call; ioc: javax.crypto.Cipher.doFinal; process: com.livevideocallingapps.headshot
-
Checks CPU information (2 TTPs, 1 IoCs)
Processes:
description: File opened for read; ioc: /proc/cpuinfo; process: com.livevideocallingapps.headshot
-
Checks memory information (2 TTPs, 1 IoCs)
Processes:
description: File opened for read; ioc: /proc/meminfo; process: com.livevideocallingapps.headshot
Processes
-
com.livevideocallingapps.headshot
PID: 4939
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Persistence:
- Event Triggered Execution (1)
- Broadcast Receivers (1)
- Foreground Persistence (1)
- Scheduled Task/Job (1)
Defense Evasion:
- Download New Code at Runtime (1)
- Foreground Persistence (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2)
- System Checks (2)
Credential Access:
- Clipboard Data (1)
- Input Capture (2)
- GUI Input Capture (1)
- Keylogging (1)
Discovery:
- Process Discovery (1)
- System Information Discovery (3)
- System Network Configuration Discovery (1)
- System Network Connections Discovery (1)
Downloads
-
Filesize: 9KB
MD5: 03ee9d194982da8259d81957162c9795
SHA1: f05ab5cc908262c4dd51f3e8ca49bc346dc136b2
SHA256: d44cfb6b41231f150cf310c7c4d399be9587294e3727197e046db4a1c2c3ca3b
SHA512: 241f97312aa3e4547ce7f3195667301872bded70880ce33641a26292530ec2c22614a85c7e2437c5a88fff0e6359ef9c253caa79fa49a025869ae5dcbae524ff
-
Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize: 512B
MD5: 28a224f447b2e29ea46959b3b9690a81
SHA1: 1f8ce6bbb16cb6aa9751f676f4af79cb9b76e552
SHA256: 2dde23389b100d56b20bf0944fa0159c173b0b4da38c1a956db8a5bb86453729
SHA512: 938b829c4152066891e0ea32a6894a83672a2f2d1ce58c8f1cde6a7c930ba744bd74ac462c851ec44c3f56b64c2dc2c3fbaf96a5e19c4c443d621ca820092fb8
-
Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize: 88KB
MD5: 946a47ca0565dcdd084084eb57747fa4
SHA1: c7456985c8986d63d4dc1788d9890ca106642f8b
SHA256: 39fc00e3e4fd8a798513c6e6c94314983c8a817b6bb2712281213a1d93eeb1d9
SHA512: a159e8c46c4e1c910d5119cfd04f6f08384cd21b83d8b7c56e34a120f1f2ca5e0f8c60b08c3d8dfb50a838c049a8412367d10cf01fe8f6cc2b392a4c2119bde5
-
Filesize: 16KB
MD5: f09764fe4b85e1b35952106bb0f94433
SHA1: fb241c492edf0de3f463ecf7f017ed79a26d08ae
SHA256: 64cc8eab60c7f95561fdf0da299940466d82eae49bcc3068dad2451eb535904e
SHA512: 0fadf53868cf9915682275787bb26a2c4900752635cc89d07edc39ba275eaf740d2e1ef07424001704b12decab9134643bd2fb3366f487c167663174cabd2bb7
-
Filesize: 40KB
MD5: 15d5b92dcbda7ef7f9ca327a903e46e4
SHA1: ca153b66028a58d90346ff8abadbdf01b95c37b1
SHA256: e802fdc1ccd833b91d80bb1d8f54cab2b585393e6a07622c4d9feaab07633370
SHA512: 2352f167ee5aa37cb3438a0a7df8f632771a1d019c5cd120fe62313fb73aed6d0e09186a9bf306a564371b846a8da020f6acd7aede0cc47ca50701611fa84aca
-
/data/data/com.livevideocallingapps.headshot/databases/com.google.android.datatransport.events-journal
Filesize: 8KB
MD5: 1b2f4d3d007ac1c2905fbcad170f2f7d
SHA1: 5ff3cb82b7f4a9226e967b89328fe3252ad074f9
SHA256: a2746e57526e8aab3707ff7c9fe4858b537a4adb0922c6bd83220790bafa1116
SHA512: b60ff57295e3dbcf3a7d6db68dba1d0429520e51f54925a64dd11f409c69c8afa09b9a74ebc9e8324cc54e5d42e6e220a0c8ac18c96cf842af7c9f9086228d46
-
/data/data/com.livevideocallingapps.headshot/databases/com.google.android.datatransport.events-journal
Filesize: 512B
MD5: b568c031012852bc56da19bf2b1bec01
SHA1: f28736606eebf1d095cdca945a07cdc27daa716c
SHA256: 65ff0f38cebefb16491a15ce3c5aa41815872650e5fe6dc41bcfb315581bbbe3
SHA512: ad6fd8579cd5f6dd5ab40c2636023503f9854049ec79fd143d5cb1a0715ac9ae5131ebe39136e4986cd79a84f11806c1cb51e3177693d60462fbfd84408b600e
-
/data/data/com.livevideocallingapps.headshot/databases/com.google.android.datatransport.events-journal
Filesize: 8KB
MD5: d2d2c8a053d74b8762561152733532e3
SHA1: 7df88516bec6f7f81f906e160d9fc05ebb494877
SHA256: 0cc93f72c0913836a258c8d4c2c6b162a5da647e157a34d153116bbd7e1a69a2
SHA512: 32db7187d8f202a752eee4af7211b793881a844b076290ecb0801ad5744f29381d22528ecbc8f07c5251772d1a7fb2305cbb737fa7bce04a9bca0c5fce0f72d6
-
Filesize: 16KB
MD5: eb52a90bb70b76e946b62f50b6f7fb85
SHA1: 42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0
SHA256: 48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4
SHA512: b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c
-
Filesize: 16KB
MD5: aa5a707920d457ef955e1ec23f450fb0
SHA1: 1595502ac21ed30eaf4bb43df44c6dd30f7bea6b
SHA256: fe0c3c09bb96814b9979ae0d2d07fae8480734e4cd05a2360d369ed237ca7f6f
SHA512: f326c7734dda163c20541070b742fab9924f093a84192b3a9f201c9acbed90a5c419b6d3f81d806b051395091a91c956765958eee245a17b33af3db17db3b819
-
Filesize: 16KB
MD5: 2e46a62ff470ad3f813e72528b7224de
SHA1: 452c8f20155940e0d19c5acb5514f2140c415536
SHA256: f38d41711f01c524237d18f007314da31ef68631f86e6e3c9f4a410f3ad24a0d
SHA512: 58c4e1d574207adf1945f145b119272ed7f6966d5b3ee2f7268f82191272fca8665ed183963ace9cf70958cc5bdec356fd2eb270315ddbbe291cb0842c9695cd
-
Filesize: 16KB
MD5: 08e6ff22c849c5ac9a790ccd707adc72
SHA1: 9507f0bd8697ec35fa26e2325f54f4ba68737810
SHA256: 590b8786cb2778b1d5c3936b2fd7a6952336517dcc8a0ec1a5effd972a117895
SHA512: 46a7d4dfdb0f87581cba2e67f57ca26bb59c628bea8a272546a39a698586ece649c943c657e7fdfd9419c65ac15bd691c7a4a467db8d35517331d84b8cb7b897
-
Filesize: 16KB
MD5: 9ea258fc967e3555a8ca5f175ae10b97
SHA1: fc190a2f2c24eaeae3adffe26e895fb6aaec475a
SHA256: f6d436894ad05a804b89c7a54a5a8d0151e1368abe9ab01028831a97c6038976
SHA512: f43adb2c63af3f1f0efa6f9635cb86d4c382776a929be108826e45e52652e7aeaf18c477bc4881bd3d4531535da2748ac86640eccc4a2a285eefa43987fdd103
-
Filesize: 16KB
MD5: b3c33e8c7cc1422847a24d3cc7a59c3b
SHA1: 7f1b4f01947ed6083f844784fffebea835670ca2
SHA256: b75ce187220ccf28751bbb9a0d1f235392b207c5d3ca82e658a5493d48f3bbdf
SHA512: cc0578c0f9e76f0cc994fc4b29ff9121c8279a260607403e22853a3c4c73071734e8a3fb1118466c6d4a906d08ebed5fd929308f99f3cea357905d78e154f4bf
-
Filesize: 512B
MD5: 5bc0b090a28dbf7e13b0f48d0f3315d8
SHA1: 0077242b1f347da4f7856f900118718c04b5c70f
SHA256: 009dfa7fed7186e50fb848002c6011aa0b73fe3a9db4dfa2b5543b2f65f98cee
SHA512: f3c5f24b6df34967b2fe92f9c099f413983718b0a8a9293b8d4b53e851b68532142698cebec3123f979433e6e0aac4cb4e13374b895818051ced76132d4406af
-
Filesize: 8KB
MD5: f9ffd746f3a19de0755f5437c8e6f241
SHA1: 5a52fcd9d6c126da424713edf6c51ff494d80dc7
SHA256: 76af6401166073ec26ba4044bfe9d6c7b42fe5a0d37914b51968d18c5f83c330
SHA512: a6eff51c09e372a852e82d9e9b29fc6f5d451d5eaced3fb2d42edc2598d1386ef0872727a573fee915f8a76ee2d23d5470fd9c06bf83b47f67136095c44d97da
-
Filesize: 4KB
MD5: fd5718ababd5b3b6148069f9d2b18d46
SHA1: 68f02aa5bc21eaf3aa6cfd5cc2995cf9e747ffe2
SHA256: b4018193c4d7cabc8a7228e057028b4fdb9c00fa95809bbde80e9e96660ea41c
SHA512: 5c8843197f7bd051309404515988ce3790633ad11dd2aa033be0854c79b4876daab6782c4ea33feb2a4624d4398216839184a9541f6c754ad7e005afd9a43e0b
-
Filesize: 8KB
MD5: dbf3a00a00d14203da9145e2ba42ed68
SHA1: a879ccdaf3026c3ddf577bb50065aedf3083d899
SHA256: cd79e78d19bdc5453ade934451fe0e4dddaf15b41d57694bc5c78d325cdc6138
SHA512: 01243bda2286fc30d4c8159b46b7c167689c07ce7ed6726aa526e06e19e6e89cd361ceb049ad834d7d6561ce310a5902276364dcde76e84213a4e7893e75184f
-
Filesize: 8KB
MD5: b6f82059b7dc61dc5b9822e76b4f283e
SHA1: 1c36f9d4f80855fda24393da13b3f2cba360a97f
SHA256: 351c2d8d8b283f982a80ee29854288ae71a766de4f179b15345010f3c7f58abd
SHA512: 6e181a6558ef4265133321eede450716971d28490ce873b4d1d67c2bec48caf3c03f39743eb50efe3c69116a81f2479f874d2a741aa8aed52de9509800aaefae
-
Filesize: 8KB
MD5: 9d670feb4e01fbb7fe745a719c6dd70d
SHA1: 972d31152ce7f2a0dddded7eb208a0405d1bff7d
SHA256: bc029964efeb7543b08a45364546ee5238c7f33ac06b0dfbbcae1c722cfb3e1a
SHA512: 01c1f32f63cc5b5601b97cf13edb7bcd7f38ec67ae0762f6b09292ce4fa15c689e124c59a4946ffd28350ec85218212be1101674791c4fd6bf48597fffdc8645
-
Filesize: 90B
MD5: 1e267505605f229fef726f9c22cd1d46
SHA1: e3c834e1e07689acdb4e168ab051c3f1e5907525
SHA256: 6076b836e874e4af53f82dc36f109ae30599eb4b889cc4c9b3e503bba5e49dc8
SHA512: be751ea7d89a5335a2f0dc191e82a36e9dc041fdbbbe6d5e75e56a93b7129bc667871cb194f1372eac30c35dd16aa096457c891fa5fa921527ce5b63eaae8b37
-
Filesize: 570B
MD5: 865a8b5228a8e09383fd49785c8d2d90
SHA1: e3ea35cd88a7cae870edf843091b183f77018a3b
SHA256: 5cab6318ed7b1f63f3f2864dfc3d1255b230c9f8106be58c3552457fc40281d2
SHA512: 8d0a153ae393ae8c1fd2319294b3b4749ac7126ed45942d7044f306004d69e6de01166b7bd287d357fec54f05be527095c55d4b7cad4a1ab08b47af587515db5
-
Filesize: 3.2MB
MD5: 69cf159b893eefff9a8106cc3ee37e03
SHA1: 165207adfe8c6047ce9f3dd38aed50796c1660d1
SHA256: 26fb1a790377e11135bf8bfa7552cc2797d351df60154ea032ceeb4463776fdf
SHA512: 379960366739517c1c856834227aaa1a30a20a9bab730d4229f200192f2c643b69a3e2e114dbdd743a69577e0b7b477c0d14e71c31ee491e137ec405f79e71aa
-
Filesize: 19KB
MD5: cf2ed89992c1145a27f078b9da17e96c
SHA1: 2afc75b5bc6329198ec01829e6c6acbd0c0dee01
SHA256: 84009ae4f9125e2d61a670b88e41ad81bba2161dc0910b4506ef6356f0ebeb78
SHA512: 8240cd4dcf4087b5f02400853f6820afe4b2a8825089aaa661662539fcb857b78013f8f3a9dc047034f6f42168fffcc6c1727076ab0e4eeaffcad956659de6f5
-
Filesize: 24B
MD5: 7d840b1d829b9b00f50e4d21ebafddad
SHA1: c66e3d20f4c40ae5632e010df1ca93d9d16baf1c
SHA256: f2d94fde13faadd882d895c981e50edfd2f441703c81b17ef842c8eacf4f4eaa
SHA512: e5d21d9dd4c480112798e0be229db8c41ed3dc31822fc6a49ac5dfac2aad03c59d3b3d61c4555dc03426e72873b88f008343107f7fd02cc4addd23777298cb33
-
Filesize: 24B
MD5: 72608da9108faa8ac08989db671b3e46
SHA1: 2120c7bb162c7c235a3d8eadc4f69af991ab5676
SHA256: c8334ed3175ca316ac9e076884f9581ba91b0fb4e3b508d1cf8b45caaf7ae70d
SHA512: 72cacef6c650c39d4f5b3b753969a760f84db1fac953ae739ca6d778abc32b8041bd16d38e8b45840ca84282a103b88e3fa4d2e122f1603878af4f1aac9adb12