Overview

overview

10

Static

static

10

Headshot G...re.apk

android-10-x64

8

Headshot G...re.apk

android-11-x64

8

Headshot G...re.apk

android-13-x64

8

Headshot G...re.apk

android-9-x86

7

Analysis

  • max time kernel
    32s
  • max time network
    172s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    02-07-2024 00:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Headshot GFX Tool and Sensitivity settings Guide_1.0_APKPure.apk

  • Size

    13.6MB

  • MD5

    4d3833446c806d12317eff6fcf5a2ac1

  • SHA1

    39faddbe2c58a373f7f4d26b9ec00202a79ef7fb

  • SHA256

    9534297f808b1faa8d6be0dc9485c7081e0208211110bca24b1642aa4318c3c9

  • SHA512

    391037468a8ee326d5e3d0c178000136bc9496822ad901b01576a7845fa1e8160971e7bded78ab19a894c8bc61b99e24a1807f799eacd093319a837d6e2c5189

  • SSDEEP

    196608:S2ZyIdmW99evCihSdHO+L4kzTiBHY23XznWSgNLifYJV1Dlo8wnF1vQAAqWWpY1:tLdLVnF4QuHYODZgNLIqLDOvxWWm

Score
7/10
collectioncredential_accessdiscoveryevasionexecutionimpactpersistence

Malware Config

Signatures

  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.livevideocallingapps.headshot
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4260

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

System Information Discovery

2
T1426

System Network Configuration Discovery

1
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Input Injection

1
T1516

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.livevideocallingapps.headshot/cache/1608138930680.jar
    Filesize

    9KB

    MD5

    03ee9d194982da8259d81957162c9795

    SHA1

    f05ab5cc908262c4dd51f3e8ca49bc346dc136b2

    SHA256

    d44cfb6b41231f150cf310c7c4d399be9587294e3727197e046db4a1c2c3ca3b

    SHA512

    241f97312aa3e4547ce7f3195667301872bded70880ce33641a26292530ec2c22614a85c7e2437c5a88fff0e6359ef9c253caa79fa49a025869ae5dcbae524ff

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/databases/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    c7ab78c76609d124dfbcb75de8c14a31

    SHA1

    6bde01fc7943125c047f059ea33d9c4041d29227

    SHA256

    455eb06d3eacee721979cc9c674c816323d4d8e94f468d20f490887aba3ae741

    SHA512

    03326ef9bf82cd997c173177d0381b95dcc0cd7e6f245c4d16a9a47ad0cdc98459687a54c5e1459f67914c41e48c6024c717429dc0cbaf5b7b779bb320cda167

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/databases/androidx.work.workdb-wal
    Filesize

    88KB

    MD5

    ab62f448554fd7f5f7352c8e9f9e903b

    SHA1

    c94521ab595a37536ff7684508c85bc322ef729f

    SHA256

    505325c28457cfd9a63a2c35dadc67efa6778608ac8c510f3de89ccc07ee59c4

    SHA512

    837eba792343004af8871e1c22cc78e7535abb2429b09caabc981791931be26e172728a3b88519009a14d09e0edcec3be69dc67222bca6b0755ab54d19e0f4b5

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/databases/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    4e9d72d28373dbc28594e72d31a35afa

    SHA1

    67a9ecd9c75e616a4387dbf218c735fb7909b477

    SHA256

    a0b44f2edde03b6d66ac690cc83c921acca3f444bd953d06557ec1ffa01e1f6c

    SHA512

    95e25c55dba91c2378c853279af0ee721506051395b5cd81c00d073cbd89c66c25697759291d0c8d5c99ca5ddcc897d2150d1087ecdb601ce8a20a73c298404a

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/databases/com.google.android.datatransport.events
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/databases/com.google.android.datatransport.events-journal
    Filesize

    512B

    MD5

    6c3aa6977019e1d657c4f87a65950157

    SHA1

    ce17361dee0a87732c65f5fa0e74b1ee303f1524

    SHA256

    cd811cc560b3d200145deb750cfd3a28be3a81989920f77ca42df4a392eda918

    SHA512

    9b920e972afbbf5de3d6a2b714b3475156bb86c271fce27306688a0b89e300b3bf09c15cee24a650d21fe1a220eaf96dcdd9f16f4b0b9f616327ac4bdfe7255f

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/databases/com.google.android.datatransport.events-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/databases/com.google.android.datatransport.events-wal
    Filesize

    52KB

    MD5

    c30d0b99ceaaa560bef4b23121c8b188

    SHA1

    fde1cb2bc1ffb90d587a20b92ffaae5a2cf9c2cb

    SHA256

    9912854749529a88d469c8aeba7784e541a0308754966b36cd427bcf88f9b56f

    SHA512

    a00aab707df65e9c77408521a65a236b7d68dfa8eac60e45dada41199c5236d079d518a2de32a9639c06a71906fbc29e7dc2c1d2f50cfea363ce6dedbd91fe7e

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    7237409e0640cfab7bdbd429bf821a3b

    SHA1

    4c3da934842f8d4835dfe2a9c275a300e5123309

    SHA256

    5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

    SHA512

    c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    2d27eed60a4be9db6c83faead73b3357

    SHA1

    7dbe3dbd631b15cfe24e8f13e670fe4de0f98837

    SHA256

    e73510d4e11d03b07fba32e8ab281e5aee92fb9a76cc7d28d4430654bf3c26f3

    SHA512

    4cc0166cd46bb4a42f8fd7652711bc0a654247c375bc429156640963b4c8772decd6db9c858a4b772a893cc249fab7894b084313b54140b245229b5e43935062

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    5118c5ca1e0f197ae922e7f1bba2f403

    SHA1

    bdf3b0d9997e1636b04ff86de0533babc6542347

    SHA256

    e25c84f300673c6d9dcdbb91cf1326b941afe66568f957cf547ba1ae315c7d38

    SHA512

    c491cd13185844478dc3454b33b0ee24b84309ac80f8b97cc9ff80f210ff722b1da6dfec90664ca602fa93bfd4683ba7b5f9e950bcd0cdf91f2efe78da065cf2

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    eb8dbfab18bee9fbb37a1c505244f0f1

    SHA1

    f48b934b7e3bacb94b1e5230b79d255d987ea06a

    SHA256

    266cfd4c1b37fda6992f0188c46617f1ccdbbe9666fee2cfc65244f0cf0e7292

    SHA512

    755f4d7ee89fc7de7d23520c69716e5969f8995cc4818481d208eef6c9ca7f649f128aab9ce1c11cb35abe3e289a41ab14811715b6a98d841875d4fdebf1649b

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    ce58bc2b562b5e6d61e242d37c1d4b10

    SHA1

    acf82725dcff828df8be8cf708bfe1ff1420d6c8

    SHA256

    f5891c0cb2ea47874e672991dca0dd5b7e6ddcbb2f7310804d78b13c49aaf0cc

    SHA512

    6ca9fe15822006e2156b122363438d471e40b8536fdd502c8220414b9d56679e4245b71a1b343e63bbff0888d6efeed5943ad697f259dcd290f78a0e14934f34

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db
    Filesize

    16KB

    MD5

    c24884271e71fadbf48e44054e0ad00f

    SHA1

    b094bb1ac6285375de1a0134a0de488b9f395df4

    SHA256

    87c14ad8ba72defe493dbf3ea3b13387f60d4ebfa08a07d9fef44e9dd8fd280c

    SHA512

    c621d1463a8e491fb48c1e0c4750d6098370f5bb02c641546f9b0178abba8e4c9b3aa5d81660a6da85cf1bae62b238c34021151e83dd24206c5d49b36f85b290

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db-journal
    Filesize

    512B

    MD5

    8864d882d1eb1138e71814428e5cc99d

    SHA1

    925115fbdd486bc6650bcb095aad4dab62b91352

    SHA256

    9ed024cba38521bb56d9b4970c2d81e7d8bf523542e3d10a3c95aa63549f3323

    SHA512

    48952b17449f7c3bd5557c255de17e7a09de9bb83b4131b4dc161ca0145be550bf05a535b9730c2074de800e2ae7af819c859c037993aceb8a3090ec46601d54

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db-wal
    Filesize

    36KB

    MD5

    3d8556f2bdecafee1a11efc68d3df319

    SHA1

    33aeafc3b24622644b579dd9ae1e2b59940c65c6

    SHA256

    1e3d11ad12dcfa05c013c8df222877560b08b16cf408cf2c42ad498b3b4eafc6

    SHA512

    0a6ea3848ab198ed55e50ba67f1fcea3f3d583487b9cedd5f14fd0d529c6f2681d4c78d978556e834f0ec1137e6edd70a69b22258bc857b17b3d7bdf71f6553d

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db-wal
    Filesize

    4KB

    MD5

    158f0624f4e6262db995dacc2d29d50b

    SHA1

    c4a8a23206b60f1921bedd4b9f99adaf7454f78a

    SHA256

    564aa2ec022ec8075611410bd5bf98030d6b25190425dfd46dc892011fb7277b

    SHA512

    f0f3f39f442b344615e5e135dbab1c0169c8cc5d91c18567edc06778b31b6ea23fe217f560b1c1190b92b4cf52c02248b5ceb44208d1c08e2e771bd22bbecdf3

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db-wal
    Filesize

    4KB

    MD5

    11e7fadb0d33a3ec7788cd86cee12468

    SHA1

    11caef11d45f5a6e67ed58944b79219a5770a77a

    SHA256

    91c4ff2a8e2a7d4080f597bd6d4c44c9b0cc83feba01593fd75fc7d8a0c472f0

    SHA512

    d8a71f0164feadd6db256977b1a978b640b065fc85bbd10b92a2151ae3f2ace96aa369cf9bf55d6805c04fc29168e37ac30469c01c4cbb464160a0d6dc69398a

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db-wal
    Filesize

    4KB

    MD5

    123b881a92ee80e6fe0233a37f48bc77

    SHA1

    a716a60530fcefa56927e6351872bcc8b183aa81

    SHA256

    4ffbec75d3b3ae7d2c0fc8f2c9b7216fb9ed8812a2e24b47ae0cbd62bbae4ff6

    SHA512

    d6ed3ce63d3a352db77dc326430314158fbedbbf1e1a17fb220a335ad73b2b505a51f2056fe2ade4e05f15a4fe0e1b8db759af2462db9286b0c3873a8bb41a2a

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db-wal
    Filesize

    4KB

    MD5

    4831d7944fa3defc7d0c44f0cfe2775c

    SHA1

    e73a54795484cd1e9bf623965a8b3241cd1ab4c6

    SHA256

    0861f39dcd6f7f763c719cd317c95357239357ea98b909ad15212a5be23d5549

    SHA512

    74337e55191bc709ac9ea249213ccb103ce83db391fb1a67c3f31156d9167a34fc6c6bf28f1e9aafd14f0bf34359dd4841d3b4d18a97dece53ba91ff3bbe16a4

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db-wal
    Filesize

    4KB

    MD5

    5b86a98cfe176d31f7c3b6429924f7c8

    SHA1

    3c0cc2782e1c924abeb2c43d3e7b771a17578f63

    SHA256

    78f822fdb97f0ce420bbc27019db616676a0c3d6112aca1dd0af7306db94a44f

    SHA512

    fa84ae6dc5186089bbba5354fad5d55456f12643b7b0504a265af2c87ed4e80b52fb0a167ed47742daee9e6f84b3059d74cae60a02a9b6579fc2deeb50213be2

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/files/PersistedInstallation2932421087551085499tmp
    Filesize

    566B

    MD5

    84a04550a7b5658c35ac1ed35dbaa4ad

    SHA1

    fad0b57410daedf90f5bbcc837c07c6e280408dc

    SHA256

    dbebd9f4a8ae310f0ff94752d5f98e83e9316bf41b70e8126bc005ddb9243575

    SHA512

    b966ffe35d8ac64eb797453a2640c017b0862797cb3777ef13d32ec94a63bf9c23d26b540fb3bc7098b8cf7cb5059f71ee4f0237ec5b1d6b9bf50da512b9ca85

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/files/PersistedInstallation6394623170934791020tmp
    Filesize

    90B

    MD5

    178181c88d8166fa1cb1054d063a56ad

    SHA1

    3e66ed05c820140b3dac70dd1aec695d2fa347ad

    SHA256

    50460d65c33e6e71d29075eabea82472568c41dfeacc23c459075af11e300f91

    SHA512

    9967589415c48990d03f6c511950d99c37a46d4663eff8c5a946368ee7032397ad749348ff2b89a3b3cb4c6f63f2514e9e7038eddf31069e24cfb974428a13aa

    Download Submit
  • /data/data/com.livevideocallingapps.headshot/files/audience_network.dex
    Filesize

    3.2MB

    MD5

    69cf159b893eefff9a8106cc3ee37e03

    SHA1

    165207adfe8c6047ce9f3dd38aed50796c1660d1

    SHA256

    26fb1a790377e11135bf8bfa7552cc2797d351df60154ea032ceeb4463776fdf

    SHA512

    379960366739517c1c856834227aaa1a30a20a9bab730d4229f200192f2c643b69a3e2e114dbdd743a69577e0b7b477c0d14e71c31ee491e137ec405f79e71aa

    Download Submit
  • /storage/emulated/0/Config/sys/apps/log/log-2024-07-02.txt
    Filesize

    24B

    MD5

    6fb95970a56cbb0b0099f6494595024f

    SHA1

    b679d36711bc12604437c8d770ae5c7e961bc186

    SHA256

    e4c6ebaea259d983df2d363f9a71ae8649fdf2d49fcaefc6c43c33b65e2839da

    SHA512

    3506c380c3d6ba65dc6ec7d09a5ecacc9fbc4223057d9dff939a512477f8b1538f231f5dcb1a1b13c09ab32df70976426a678a0c4e89fbd469954e6f4097e1b1

    Download Submit
  • /storage/emulated/0/Config/sys/apps/log/log-2024-07-02.txt
    Filesize

    36B

    MD5

    44abbff4966121dce248678525d33bea

    SHA1

    bc3259c60f8bdad0e950f4f960cd895a1c007769

    SHA256

    42cfbc29439b1ba6ce656d375cf28baf58dfe183bc7395970971ac9de3504faa

    SHA512

    300b446925a137c5c5501df53fa6d0550481bc6da8bbe0b2449d3caca0e37032b918e7ae87a45f717d0dbecfe65239f492b89fc2e77b49c6beb0ce3dd545c5b2

    Download Submit