Analysis
max time kernel: 32s
max time network: 172s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 02-07-2024 00:08
Behavioral tasks
behavioral1: Headshot GFX Tool and Sensitivity settings Guide_1.0_APKPure.apk on resource android-x64-20240624-en
behavioral2: Headshot GFX Tool and Sensitivity settings Guide_1.0_APKPure.apk on resource android-x64-arm64-20240624-en
behavioral3: Headshot GFX Tool and Sensitivity settings Guide_1.0_APKPure.apk on resource android-33-x64-arm64-20240624-en
behavioral4: Headshot GFX Tool and Sensitivity settings Guide_1.0_APKPure.apk on resource android-x86-arm-20240624-en
General
Target: Headshot GFX Tool and Sensitivity settings Guide_1.0_APKPure.apk
Size: 13.6MB
MD5: 4d3833446c806d12317eff6fcf5a2ac1
SHA1: 39faddbe2c58a373f7f4d26b9ec00202a79ef7fb
SHA256: 9534297f808b1faa8d6be0dc9485c7081e0208211110bca24b1642aa4318c3c9
SHA512: 391037468a8ee326d5e3d0c178000136bc9496822ad901b01576a7845fa1e8160971e7bded78ab19a894c8bc61b99e24a1807f799eacd093319a837d6e2c5189
SSDEEP: 196608:S2ZyIdmW99evCihSdHO+L4kzTiBHY23XznWSgNLifYJV1Dlo8wnF1vQAAqWWpY1:tLdLVnF4QuHYODZgNLIqLDOvxWWm
Malware Config
Signatures
Loads dropped Dex/Jar (1 TTP, 1 IoC)
Runs executable file dropped to the device during analysis.
Processes:
ioc: /data/user/0/com.livevideocallingapps.headshot/files/audience_network.dex
pid: 4260
process: com.livevideocallingapps.headshot
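
A practitioner's first check on the dropped file: the path ends in audience_network.dex, the name the Facebook Audience Network ad SDK uses for the component it downloads and loads at runtime, so a runtime DEX load by itself is expected from apps that bundle that SDK and is not evidence of malice on its own. What matters is whether the recovered file is a well-formed DEX whose embedded integrity fields agree with its contents, and whether its hashes match an entry in the Downloads table below. The following Python is an added example, not code from the report or from the sandbox vendor. Because the real file is not on this page, it constructs a minimal header-only DEX in memory (clearly a fixture, with no classes) and then verifies it the way an analyst would verify a file pulled from the device; the `tamper` helper shows the checks failing on a modified file.

```python
"""Validate a runtime-dropped DEX before deeper analysis (added example).

DEX header layout (from the dex_format specification):
  magic[8]        "dex\n" + 3-digit version + "\0"
  checksum  u32   Adler-32 over everything after this field (offset 12 to EOF)
  signature[20]   SHA-1 over everything after this field (offset 32 to EOF)
  file_size u32, header_size u32 (0x70), endian_tag u32 (0x12345678), ...
A header whose checksum or signature does not match is truncated, packed, or
deliberately damaged to defeat tooling; either way it deserves a closer look.
"""
import hashlib
import struct
import zlib

DEX_HEADER_SIZE = 0x70
DEX_ENDIAN_CONSTANT = 0x12345678


def parse_dex_header(data: bytes) -> dict:
    """Parse the fixed-size DEX header and recompute its integrity fields."""
    if len(data) < DEX_HEADER_SIZE:
        raise ValueError("file shorter than a DEX header")
    magic = data[:8]
    if not (magic.startswith(b"dex\n") and magic.endswith(b"\x00")):
        raise ValueError("not a DEX file: bad magic %r" % magic)
    version = magic[4:7].decode("ascii")
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)

    computed_checksum = zlib.adler32(data[12:]) & 0xFFFFFFFF
    computed_signature = hashlib.sha1(data[32:]).digest()

    return {
        "version": version,
        "file_size": file_size,
        "header_size": header_size,
        "little_endian": endian_tag == DEX_ENDIAN_CONSTANT,
        "checksum_ok": checksum == computed_checksum,
        "signature_ok": signature == computed_signature,
        "size_ok": file_size == len(data),
    }


def hash_set(data: bytes) -> dict:
    """Hashes in the four algorithms the report's Downloads table records,
    so a file recovered from the device can be matched against it."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def build_minimal_dex(version: bytes = b"035", body: bytes = b"") -> bytes:
    """Construct a header-only DEX with correct checksum and signature.
    Test fixture only (constructed here, not a real file from the report):
    every header field after endian_tag is zero and there are no classes."""
    total = DEX_HEADER_SIZE + len(body)
    tail = struct.pack("<III", total, DEX_HEADER_SIZE, DEX_ENDIAN_CONSTANT)
    tail += b"\x00" * (DEX_HEADER_SIZE - 44) + body  # remaining header fields zeroed
    signature = hashlib.sha1(tail).digest()           # covers offset 32 .. EOF
    checksum = zlib.adler32(signature + tail) & 0xFFFFFFFF  # covers offset 12 .. EOF
    return b"dex\n" + version + b"\x00" + struct.pack("<I", checksum) + signature + tail


def tamper(data: bytes, offset: int) -> bytes:
    """Flip one byte so the integrity checks can be shown failing."""
    return data[:offset] + bytes([data[offset] ^ 0xFF]) + data[offset + 1:]


if __name__ == "__main__":
    good = build_minimal_dex()
    print(parse_dex_header(good))                # checksum_ok / signature_ok True
    print(parse_dex_header(tamper(good, 0x40)))  # both integrity flags False
    print(hash_set(good))
```

On a real case, replace the fixture with `open("audience_network.dex", "rb").read()` pulled from the device via `adb`; a header that validates but whose hashes match none of the Downloads entries means the sandbox did not capture that exact file, which is worth noting before drawing conclusions from the table.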

Makes use of the framework's Accessibility service (4 TTPs, 1 IoC)
Retrieves information displayed on the phone screen using AccessibilityService.
Processes:
description: Framework service call
ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
process: com.livevideocallingapps.headshot

Acquires the wake lock (1 IoC)
Processes:
description: Framework service call
ioc: android.os.IPowerManager.acquireWakeLock
process: com.livevideocallingapps.headshot

Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
description: Framework service call
ioc: android.app.IActivityManager.setServiceForeground
process: com.livevideocallingapps.headshot

Queries information about active data network (1 TTP, 1 IoC)
Processes:
description: Framework service call
ioc: android.net.IConnectivityManager.getActiveNetworkInfo
process: com.livevideocallingapps.headshot

Queries the mobile country code (MCC) (1 TTP, 1 IoC)
Processes:
description: Framework service call
ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
process: com.livevideocallingapps.headshot

Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
Processes:
description: Framework service call
ioc: android.app.IActivityManager.registerReceiver
process: com.livevideocallingapps.headshot

Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
description: Framework service call
ioc: android.app.job.IJobScheduler.schedule
process: com.livevideocallingapps.headshot

Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
Processes:
description: Framework API call
ioc: javax.crypto.Cipher.doFinal
process: com.livevideocallingapps.headshot

Checks CPU information (2 TTPs, 1 IoC)
Processes:
description: File opened for read
ioc: /proc/cpuinfo
process: com.livevideocallingapps.headshot

Checks memory information (2 TTPs, 1 IoC)
Processes:
description: File opened for read
ioc: /proc/meminfo
process: com.livevideocallingapps.headshot
Processes
com.livevideocallingapps.headshot (PID: 4260)
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v15
Persistence
- Event Triggered Execution (1): Broadcast Receivers (1)
- Foreground Persistence (1)
- Scheduled Task/Job (1)
Defense Evasion
- Download New Code at Runtime (1)
- Foreground Persistence (1)
- Input Injection (1)
- Virtualization/Sandbox Evasion (2): System Checks (2)
Discovery
- System Information Discovery (2)
- System Network Configuration Discovery (1)
- System Network Connections Discovery (1)
Downloads

Filesize: 9KB
MD5: 03ee9d194982da8259d81957162c9795
SHA1: f05ab5cc908262c4dd51f3e8ca49bc346dc136b2
SHA256: d44cfb6b41231f150cf310c7c4d399be9587294e3727197e046db4a1c2c3ca3b
SHA512: 241f97312aa3e4547ce7f3195667301872bded70880ce33641a26292530ec2c22614a85c7e2437c5a88fff0e6359ef9c253caa79fa49a025869ae5dcbae524ff

Filesize: 512B
MD5: c7ab78c76609d124dfbcb75de8c14a31
SHA1: 6bde01fc7943125c047f059ea33d9c4041d29227
SHA256: 455eb06d3eacee721979cc9c674c816323d4d8e94f468d20f490887aba3ae741
SHA512: 03326ef9bf82cd997c173177d0381b95dcc0cd7e6f245c4d16a9a47ad0cdc98459687a54c5e1459f67914c41e48c6024c717429dc0cbaf5b7b779bb320cda167

Filesize: 88KB
MD5: ab62f448554fd7f5f7352c8e9f9e903b
SHA1: c94521ab595a37536ff7684508c85bc322ef729f
SHA256: 505325c28457cfd9a63a2c35dadc67efa6778608ac8c510f3de89ccc07ee59c4
SHA512: 837eba792343004af8871e1c22cc78e7535abb2429b09caabc981791931be26e172728a3b88519009a14d09e0edcec3be69dc67222bca6b0755ab54d19e0f4b5

Filesize: 16KB
MD5: 4e9d72d28373dbc28594e72d31a35afa
SHA1: 67a9ecd9c75e616a4387dbf218c735fb7909b477
SHA256: a0b44f2edde03b6d66ac690cc83c921acca3f444bd953d06557ec1ffa01e1f6c
SHA512: 95e25c55dba91c2378c853279af0ee721506051395b5cd81c00d073cbd89c66c25697759291d0c8d5c99ca5ddcc897d2150d1087ecdb601ce8a20a73c298404a

Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.livevideocallingapps.headshot/databases/com.google.android.datatransport.events-journal
Filesize: 512B
MD5: 6c3aa6977019e1d657c4f87a65950157
SHA1: ce17361dee0a87732c65f5fa0e74b1ee303f1524
SHA256: cd811cc560b3d200145deb750cfd3a28be3a81989920f77ca42df4a392eda918
SHA512: 9b920e972afbbf5de3d6a2b714b3475156bb86c271fce27306688a0b89e300b3bf09c15cee24a650d21fe1a220eaf96dcdd9f16f4b0b9f616327ac4bdfe7255f

Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Filesize: 52KB
MD5: c30d0b99ceaaa560bef4b23121c8b188
SHA1: fde1cb2bc1ffb90d587a20b92ffaae5a2cf9c2cb
SHA256: 9912854749529a88d469c8aeba7784e541a0308754966b36cd427bcf88f9b56f
SHA512: a00aab707df65e9c77408521a65a236b7d68dfa8eac60e45dada41199c5236d079d518a2de32a9639c06a71906fbc29e7dc2c1d2f50cfea363ce6dedbd91fe7e

Filesize: 16KB
MD5: 7237409e0640cfab7bdbd429bf821a3b
SHA1: 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256: 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512: c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Filesize: 16KB
MD5: 2d27eed60a4be9db6c83faead73b3357
SHA1: 7dbe3dbd631b15cfe24e8f13e670fe4de0f98837
SHA256: e73510d4e11d03b07fba32e8ab281e5aee92fb9a76cc7d28d4430654bf3c26f3
SHA512: 4cc0166cd46bb4a42f8fd7652711bc0a654247c375bc429156640963b4c8772decd6db9c858a4b772a893cc249fab7894b084313b54140b245229b5e43935062

Filesize: 16KB
MD5: 5118c5ca1e0f197ae922e7f1bba2f403
SHA1: bdf3b0d9997e1636b04ff86de0533babc6542347
SHA256: e25c84f300673c6d9dcdbb91cf1326b941afe66568f957cf547ba1ae315c7d38
SHA512: c491cd13185844478dc3454b33b0ee24b84309ac80f8b97cc9ff80f210ff722b1da6dfec90664ca602fa93bfd4683ba7b5f9e950bcd0cdf91f2efe78da065cf2

Filesize: 16KB
MD5: eb8dbfab18bee9fbb37a1c505244f0f1
SHA1: f48b934b7e3bacb94b1e5230b79d255d987ea06a
SHA256: 266cfd4c1b37fda6992f0188c46617f1ccdbbe9666fee2cfc65244f0cf0e7292
SHA512: 755f4d7ee89fc7de7d23520c69716e5969f8995cc4818481d208eef6c9ca7f649f128aab9ce1c11cb35abe3e289a41ab14811715b6a98d841875d4fdebf1649b

Filesize: 16KB
MD5: ce58bc2b562b5e6d61e242d37c1d4b10
SHA1: acf82725dcff828df8be8cf708bfe1ff1420d6c8
SHA256: f5891c0cb2ea47874e672991dca0dd5b7e6ddcbb2f7310804d78b13c49aaf0cc
SHA512: 6ca9fe15822006e2156b122363438d471e40b8536fdd502c8220414b9d56679e4245b71a1b343e63bbff0888d6efeed5943ad697f259dcd290f78a0e14934f34

Filesize: 16KB
MD5: c24884271e71fadbf48e44054e0ad00f
SHA1: b094bb1ac6285375de1a0134a0de488b9f395df4
SHA256: 87c14ad8ba72defe493dbf3ea3b13387f60d4ebfa08a07d9fef44e9dd8fd280c
SHA512: c621d1463a8e491fb48c1e0c4750d6098370f5bb02c641546f9b0178abba8e4c9b3aa5d81660a6da85cf1bae62b238c34021151e83dd24206c5d49b36f85b290

Filesize: 512B
MD5: 8864d882d1eb1138e71814428e5cc99d
SHA1: 925115fbdd486bc6650bcb095aad4dab62b91352
SHA256: 9ed024cba38521bb56d9b4970c2d81e7d8bf523542e3d10a3c95aa63549f3323
SHA512: 48952b17449f7c3bd5557c255de17e7a09de9bb83b4131b4dc161ca0145be550bf05a535b9730c2074de800e2ae7af819c859c037993aceb8a3090ec46601d54

Filesize: 36KB
MD5: 3d8556f2bdecafee1a11efc68d3df319
SHA1: 33aeafc3b24622644b579dd9ae1e2b59940c65c6
SHA256: 1e3d11ad12dcfa05c013c8df222877560b08b16cf408cf2c42ad498b3b4eafc6
SHA512: 0a6ea3848ab198ed55e50ba67f1fcea3f3d583487b9cedd5f14fd0d529c6f2681d4c78d978556e834f0ec1137e6edd70a69b22258bc857b17b3d7bdf71f6553d

Filesize: 4KB
MD5: 158f0624f4e6262db995dacc2d29d50b
SHA1: c4a8a23206b60f1921bedd4b9f99adaf7454f78a
SHA256: 564aa2ec022ec8075611410bd5bf98030d6b25190425dfd46dc892011fb7277b
SHA512: f0f3f39f442b344615e5e135dbab1c0169c8cc5d91c18567edc06778b31b6ea23fe217f560b1c1190b92b4cf52c02248b5ceb44208d1c08e2e771bd22bbecdf3

Filesize: 4KB
MD5: 11e7fadb0d33a3ec7788cd86cee12468
SHA1: 11caef11d45f5a6e67ed58944b79219a5770a77a
SHA256: 91c4ff2a8e2a7d4080f597bd6d4c44c9b0cc83feba01593fd75fc7d8a0c472f0
SHA512: d8a71f0164feadd6db256977b1a978b640b065fc85bbd10b92a2151ae3f2ace96aa369cf9bf55d6805c04fc29168e37ac30469c01c4cbb464160a0d6dc69398a

Filesize: 4KB
MD5: 123b881a92ee80e6fe0233a37f48bc77
SHA1: a716a60530fcefa56927e6351872bcc8b183aa81
SHA256: 4ffbec75d3b3ae7d2c0fc8f2c9b7216fb9ed8812a2e24b47ae0cbd62bbae4ff6
SHA512: d6ed3ce63d3a352db77dc326430314158fbedbbf1e1a17fb220a335ad73b2b505a51f2056fe2ade4e05f15a4fe0e1b8db759af2462db9286b0c3873a8bb41a2a

Filesize: 4KB
MD5: 4831d7944fa3defc7d0c44f0cfe2775c
SHA1: e73a54795484cd1e9bf623965a8b3241cd1ab4c6
SHA256: 0861f39dcd6f7f763c719cd317c95357239357ea98b909ad15212a5be23d5549
SHA512: 74337e55191bc709ac9ea249213ccb103ce83db391fb1a67c3f31156d9167a34fc6c6bf28f1e9aafd14f0bf34359dd4841d3b4d18a97dece53ba91ff3bbe16a4

Filesize: 4KB
MD5: 5b86a98cfe176d31f7c3b6429924f7c8
SHA1: 3c0cc2782e1c924abeb2c43d3e7b771a17578f63
SHA256: 78f822fdb97f0ce420bbc27019db616676a0c3d6112aca1dd0af7306db94a44f
SHA512: fa84ae6dc5186089bbba5354fad5d55456f12643b7b0504a265af2c87ed4e80b52fb0a167ed47742daee9e6f84b3059d74cae60a02a9b6579fc2deeb50213be2

Filesize: 566B
MD5: 84a04550a7b5658c35ac1ed35dbaa4ad
SHA1: fad0b57410daedf90f5bbcc837c07c6e280408dc
SHA256: dbebd9f4a8ae310f0ff94752d5f98e83e9316bf41b70e8126bc005ddb9243575
SHA512: b966ffe35d8ac64eb797453a2640c017b0862797cb3777ef13d32ec94a63bf9c23d26b540fb3bc7098b8cf7cb5059f71ee4f0237ec5b1d6b9bf50da512b9ca85

Filesize: 90B
MD5: 178181c88d8166fa1cb1054d063a56ad
SHA1: 3e66ed05c820140b3dac70dd1aec695d2fa347ad
SHA256: 50460d65c33e6e71d29075eabea82472568c41dfeacc23c459075af11e300f91
SHA512: 9967589415c48990d03f6c511950d99c37a46d4663eff8c5a946368ee7032397ad749348ff2b89a3b3cb4c6f63f2514e9e7038eddf31069e24cfb974428a13aa

Filesize: 3.2MB
MD5: 69cf159b893eefff9a8106cc3ee37e03
SHA1: 165207adfe8c6047ce9f3dd38aed50796c1660d1
SHA256: 26fb1a790377e11135bf8bfa7552cc2797d351df60154ea032ceeb4463776fdf
SHA512: 379960366739517c1c856834227aaa1a30a20a9bab730d4229f200192f2c643b69a3e2e114dbdd743a69577e0b7b477c0d14e71c31ee491e137ec405f79e71aa

Filesize: 24B
MD5: 6fb95970a56cbb0b0099f6494595024f
SHA1: b679d36711bc12604437c8d770ae5c7e961bc186
SHA256: e4c6ebaea259d983df2d363f9a71ae8649fdf2d49fcaefc6c43c33b65e2839da
SHA512: 3506c380c3d6ba65dc6ec7d09a5ecacc9fbc4223057d9dff939a512477f8b1538f231f5dcb1a1b13c09ab32df70976426a678a0c4e89fbd469954e6f4097e1b1

Filesize: 36B
MD5: 44abbff4966121dce248678525d33bea
SHA1: bc3259c60f8bdad0e950f4f960cd895a1c007769
SHA256: 42cfbc29439b1ba6ce656d375cf28baf58dfe183bc7395970971ac9de3504faa
SHA512: 300b446925a137c5c5501df53fa6d0550481bc6da8bbe0b2449d3caca0e37032b918e7ae87a45f717d0dbecfe65239f492b89fc2e77b49c6beb0ce3dd545c5b2