a2e9da586411cee6f15412ed34ae8b5f3e324fbe94cb78ae3e1354a612d872f2

Analysis

max time kernel
15s
max time network
137s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
02-07-2024 13:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Headshot GFX Tool and Sensitivity settings Guide_1.0_APKPure.apk
Size

12.4MB
MD5

309805380808ec8d85f86f52896ada7d
SHA1

2cc9c613563340811e6b28a8eb43059bbea771dc
SHA256

a2e9da586411cee6f15412ed34ae8b5f3e324fbe94cb78ae3e1354a612d872f2
SHA512

35cb1779456948bfc28b8076ab922e98bc6c334ad6756e017191b7597875cda7cc6d950d2959c3aa31406003452d5dc0f64f55bd37eb08277021d76ad6838529
SSDEEP

196608:alzv9hMPEPLA4HdM4fk9Cnc23XznqugNLCjc0V1Dl08wnR1vQMQ6SWlYq:MX9PLVHdw0ncODJgNL0PLDyvtSWh

Score

8^/10

discovery evasion impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 1 IoCs
evasion

System Information Discovery
T1426

Processes:

com.livevideocallingapps.headshot

ioc process

/system/app/Superuser.apk com.livevideocallingapps.headshot

ioc	process
/system/app/Superuser.apk	com.livevideocallingapps.headshot

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.livevideocallingapps.headshot

ioc	pid	process
/data/user/0/com.livevideocallingapps.headshot/cache/1608138930680.jar	4247	com.livevideocallingapps.headshot
/data/user/0/com.livevideocallingapps.headshot/files/audience_network.dex	4247	com.livevideocallingapps.headshot

Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
discovery

Process Discovery
T1424

Processes:

com.livevideocallingapps.headshot

description ioc process

Framework service call android.app.IActivityManager.getRunningAppProcesses com.livevideocallingapps.headshot
Acquires the wake lock 1 IoCs

Processes:

com.livevideocallingapps.headshot

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.livevideocallingapps.headshot
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.livevideocallingapps.headshot

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.livevideocallingapps.headshot
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

com.livevideocallingapps.headshot

description ioc process

Framework service call android.app.IActivityManager.registerReceiver com.livevideocallingapps.headshot
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

Data Encrypted for Impact
T1471

Processes:

com.livevideocallingapps.headshot

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.livevideocallingapps.headshot
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.livevideocallingapps.headshot

description ioc process

File opened for read /proc/meminfo com.livevideocallingapps.headshot

description	ioc	process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.livevideocallingapps.headshot

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.livevideocallingapps.headshot

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.livevideocallingapps.headshot

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	com.livevideocallingapps.headshot

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.livevideocallingapps.headshot

description	ioc	process
File opened for read	/proc/meminfo	com.livevideocallingapps.headshot

com.livevideocallingapps.headshot
1⤵
- Checks if the Android device is rooted.
- Loads dropped Dex/Jar
- Queries information about running processes on the device
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks memory information
PID:4247

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Process Discovery

T1424

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.livevideocallingapps.headshot/cache/1608138930680.jar
Filesize
9KB

MD5
03ee9d194982da8259d81957162c9795

SHA1
f05ab5cc908262c4dd51f3e8ca49bc346dc136b2

SHA256
d44cfb6b41231f150cf310c7c4d399be9587294e3727197e046db4a1c2c3ca3b

SHA512
241f97312aa3e4547ce7f3195667301872bded70880ce33641a26292530ec2c22614a85c7e2437c5a88fff0e6359ef9c253caa79fa49a025869ae5dcbae524ff

Download Submit
/data/data/com.livevideocallingapps.headshot/databases/androidx.work.workdb
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.livevideocallingapps.headshot/databases/androidx.work.workdb-journal
Filesize
512B

MD5
48d8c7c40107354d4d64ebc962d9aef8

SHA1
792b01c0310fcc3c3ae7ea669ca0c91dbf434e5d

SHA256
5e99ff300e7bb1a224fd47d93acbcdd310a9ceee888da6cd5b1f324868a2af3f

SHA512
232ff8a4ede1688d44895899eb1f76091186d50cb868def9594876ded08de204a3ff0e557da81ebce44193a3cf8016b387171283101a686d032dc7db9b265247

Download Submit
/data/data/com.livevideocallingapps.headshot/databases/androidx.work.workdb-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.livevideocallingapps.headshot/databases/androidx.work.workdb-wal
Filesize
88KB

MD5
e98d1aa961a756357349c62dd6ebb1c4

SHA1
03aadc165646203d20de6f30e5ddca8ce79a5029

SHA256
e8f790fd106e7915db2eac0e690a3077f17b4a0199ea25e4c4f3bf7beaaf7b9f

SHA512
5995063efb35225ee93e5efda5d69cc5d6c371fb01d869525dafeb01b08cab2ba686443f849866bc31e1421c9bf999e5ce32ceb99c42bc5762c3d2a1aa216930

Download Submit
/data/data/com.livevideocallingapps.headshot/databases/androidx.work.workdb-wal
Filesize
16KB

MD5
260f489c49a87beca4145f255f31dc8b

SHA1
624b347c6c402ce70e1fbf6afd66583e278891fa

SHA256
34830dcb3a4716772e163e43d4ed4cf666f2e91cf8fc653d1c7e6a68d1138cf2

SHA512
d5131f908770e7dc13b84a6b60ab3c325ff60f9bd23f71ac13c6ba617e6c10610a3e9be0e3036de1e97398060b904b4a5399ccbcd6ff9600efc13495bfa2123b

Download Submit
/data/data/com.livevideocallingapps.headshot/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
dc720f9c9f746eefce43b896fdc8c544

SHA1
0e1543a59ad11c3456d5aa03ea797a82961b9b2d

SHA256
8170d2160b81965323e4e48a3f7199c692fb8a254e6b4ad7d3ebc2c8dcac9b08

SHA512
cf8a104f51fbd138b5d295cd014ef738bff3ba8ebec8926002cc90b55eed9e3c02e565edab2785b0d034ce5a4fdc23c1650c652530b723dad2de1971e0db072b

Download Submit
/data/data/com.livevideocallingapps.headshot/databases/com.google.android.datatransport.events-wal
Filesize
52KB

MD5
53d9bc87818bbff243f96f4b9392662b

SHA1
20fa2da0713041edac6483548403d0da3070ccaa

SHA256
ebd89ef381c522e0262a47016e9ffe8c7ab3e1b3eebf55b8861713f5cd20b416

SHA512
738175cfc4e30be1bbf008c4caf9809f1bb7804671fce28e85e10d4a91119df5d510230fadec99b8e24dd235b1ee5bbbb96589fc9ae5983c8de56da615b4fd51

Download Submit
/data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db
Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db
Filesize
16KB

MD5
7299fa297b900249849f908c28f723ad

SHA1
fadea126f42583e9c7b31e366197b500b46fd344

SHA256
b68bb1b597c8dee68931e211710c507e768e611d2bbcd4a589fd6d81e1aea815

SHA512
4bbb9a43e0dfdd3ca953ca2f96ca689c88dcbb6b6ab346d44973e8fd2579057e016d2624d18d8326a9b8a0bc16e260bbaba26e0d542baf651e63038f061d30f9

Download Submit
/data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db
Filesize
16KB

MD5
7f9363db1e99a6593a6511ff8e49cd9e

SHA1
acd4cb5ff7518e5bc8879e5e6d719a84a2471338

SHA256
46e4d1227fefb50b289c276653c06359f58ccc1340d834ebaa43dc97ebfc701e

SHA512
01a06cf95009c7658c4ed043dfdf44127ebd60e4d871a2da26e4aa87d75ebb1c8be0bad5bdf721056fceea354494b8f9e2766fd98b3e0eba0d366793b102b8ba

Download Submit
/data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db
Filesize
16KB

MD5
eb2e8e17902c98c819dd7d5f8d69c25d

SHA1
a792b9ac365fac7cbc4d47d6a036b887e8633ec9

SHA256
5a1c985c514b4d3e5f1bda733f8d5937844e536df8e127e7ea1e6fb9d57861db

SHA512
21327310dd270068839bd3b89c180d9ede91f53f69d758f861deef32bf1194c8774ced0adad1cca18760bbe3fb076e5c59207b0365cbba90573b5a824f943011

Download Submit
/data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db
Filesize
16KB

MD5
ae0ac135d2ca030347909757611f8cee

SHA1
db2b68af2398869f4c070ee1e6a87be7cfa417e7

SHA256
d27e9af58c9ded7127047526670a09f3a42f11e49b3780e4056f491a5b4f8cb9

SHA512
22181844d988fc6057f39d92ce3b201386196e9845b1f40efc03181043c9f26199101572b56877bf50e55dc1224748b9d23a1c956b48b030560acc6520b360e3

Download Submit
/data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db
Filesize
16KB

MD5
e125072a6469c5179772ff15807fa611

SHA1
4a68c1847b5929581c2521baf74897041883ea5a

SHA256
97fa11413373945f1ae69fa2cf61a3df26e665138b820e773dde4c09ecd4f324

SHA512
409716494511002d09acbdc92109a6792f29c30f1db1fafef5ff54ab39e6e4f98b698553feb9f5c19ae3da4a12de71f079e8dc9fb6d2489196d4fa250858cbfa

Download Submit
/data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
261f5408f2bd9096ec700f32d5734155

SHA1
9501f93a4bbb9023b322ced6e47defd4cf01eb11

SHA256
829e9bf8292b04c69d5c92586f40ed470d7da8ad62ca885d45e93d3a00897d7f

SHA512
14d778bbaaf1ff87be1ed1856818f4a1f8b7b64d460b3ad2ec79b20a9aad039ce4a08f1957904f1ceef4c0d2d2ef2b1fac86ebd14a67384f806507d0d2e304b9

Download Submit
/data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db-wal
Filesize
36KB

MD5
296b77e4aaf17325a3e7b1fbdf2190a1

SHA1
2d75429db2ccefc3abdc9e2f3350fb5316f4f43c

SHA256
a23ef9573711f61322fe958b099b893d544feaf1aa6dbbbd208cd085f78ec22d

SHA512
ea10cfeccc9999fa1a310987ab0eff09b94c7ffa7f4f403e543964f9dd8ee5f052b606b7da7287f44273b5655d7f57778715c4ee84d08bfe639e29fbbbf7d006

Download Submit
/data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
63ef7866e75b13b29573a397b798979e

SHA1
c3870cb76ec449c7c7bab7400b201777f1d97668

SHA256
4886a28fe206dfa3568646d4cc593da05aaf4c45a72ee3da47894f3b79ec1a63

SHA512
3c73162ff3d55401ebb57bb5bab042c45b9f58944b3376ce2429ce9f9468bc74ced5ce63ea3e065e7b142e3c0c88e101eda822c40dda2b462ebca2ae912dd6da

Download Submit
/data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
2d42299dc3ae14103a2d260c1447cd45

SHA1
611cfba4f2a166c355db50dbeb7557cf3f6548b3

SHA256
848251962bf07e9a7d4b0e8e0efabb3913806b5d37eaa3e78572c95eeaca3661

SHA512
3e15eb11df69cde104c37eaf5b56267cedd56570af3423e9e4a22f90d73663a65ef23e7608e74c2c23ffded94429fe6b70bf1d236e251770dc9a774d0278b10d

Download Submit
/data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
9118d4d9e6943d6dfbce20af522ff68c

SHA1
cfd5f410086225b2367def58c7b1bdad0385d075

SHA256
541a6581e5f77552cad6177c43fc12a3d1c6a1f254f204b621db6d2b0677c3da

SHA512
01393d4eb776010434cf63cd9529853de915a3cd52832f63de3dbcf7b589a0a5c200941640002122cdfd08491c632baf8fe982f9d845f324086311943ecdd306

Download Submit
/data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
91fe380a91f2bdd650e7724482da7ec1

SHA1
d5f9bc2e17170fabaa8b2dd7e47f1de58151c8ff

SHA256
150681570515dba88df02440696d3c0c38deba163be163e41941170c29ba65a8

SHA512
05471d9595758c726faecfd0703ac5e734052428dbb10f30f600d8c8886f2e6e1afa87b1afd511ae770029f3c84d961707eb32809b455e0562717c16f76707cc

Download Submit
/data/data/com.livevideocallingapps.headshot/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
766184a2b36cdea13e049410244d9988

SHA1
07efcba52026efb1d53663f21756a7e8fcb1818c

SHA256
353fa1fb41ac16f326c1fceac2e2e141449b44f73d47ca8d8bcf33ecc2185f87

SHA512
d5497de2c479316b4b4f7ed9390a7df99fe35daf83270cf3976d3a064db7a1546b1ba71f2b304e4480d997d943908f2d90b1bab5fa0a33e94b6eca44944f0833

Download Submit
/data/data/com.livevideocallingapps.headshot/files/PersistedInstallation3154201680972330759tmp
Filesize
570B

MD5
669fc69a552cae903706ccfb8dff9a20

SHA1
b8bda3ae7bd48e71c6179bfbd4748f4fe44fb74f

SHA256
5c81a0b9dc03909faffc68fd2ab8ebfb0c0d4103042fb2040bdab2edcc22541a

SHA512
418c989e1de4584fe27d86e6d05cd18316c29485ec0d8b0df2015306675cc79e831a7183dfa42f0d4a02873a0d65f70a5d163fe198adc4f353b106db0078ac84

Download Submit
/data/data/com.livevideocallingapps.headshot/files/PersistedInstallation4612157730780582426tmp
Filesize
90B

MD5
91eb353ecbfb173e144a2c2acd3c0fab

SHA1
6a2d44ea8998057bd89aea2a3a6b1046f724738c

SHA256
f81040e0828e77cdd09e610b73c228dab2ce53e5335c1f7f2d425d5793bc0c24

SHA512
9c060acaf72d628a89b0adac980edbdbc43153a9ab0e789c01397dade88690c116d2dfb1ccc6a1a157789297a7e92506015bdcd1f22726ede69ae1763872625a

Download Submit
/data/data/com.livevideocallingapps.headshot/files/audience_network.dex
Filesize
3.2MB

MD5
69cf159b893eefff9a8106cc3ee37e03

SHA1
165207adfe8c6047ce9f3dd38aed50796c1660d1

SHA256
26fb1a790377e11135bf8bfa7552cc2797d351df60154ea032ceeb4463776fdf

SHA512
379960366739517c1c856834227aaa1a30a20a9bab730d4229f200192f2c643b69a3e2e114dbdd743a69577e0b7b477c0d14e71c31ee491e137ec405f79e71aa

Download Submit
/data/user/0/com.livevideocallingapps.headshot/cache/1608138930680.jar
Filesize
19KB

MD5
cf2ed89992c1145a27f078b9da17e96c

SHA1
2afc75b5bc6329198ec01829e6c6acbd0c0dee01

SHA256
84009ae4f9125e2d61a670b88e41ad81bba2161dc0910b4506ef6356f0ebeb78

SHA512
8240cd4dcf4087b5f02400853f6820afe4b2a8825089aaa661662539fcb857b78013f8f3a9dc047034f6f42168fffcc6c1727076ab0e4eeaffcad956659de6f5

Download Submit