Analysis Overview
SHA256
31531d515ce40ecd4f674b34856e9a149c96e94f71a53b5127cee71357b646eb
Threat Level: Shows suspicious behavior
The file Codex_2.621.apk was found to show suspicious behavior.
Malicious Activity Summary
Checks memory information
Checks CPU information
Acquires the wake lock
Checks if the internet connection is available
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-18 18:49
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application a broad access to external storage in scoped storage. | android.permission.MANAGE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
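The sandbox lists every declared permission under one "dangerous" label, but what each one actually grants depends on the app's targetSdkVersion and the OS version, neither of which appears in this report. The check below is an added example (not part of the sandbox output) that parses the table above and classifies each permission using the Android SDK's documented rules: POST_NOTIFICATIONS only exists from API 33, WRITE_EXTERNAL_STORAGE is ignored when targeting API 30 or higher, READ_EXTERNAL_STORAGE is ignored when targeting API 33 or higher, and MANAGE_EXTERNAL_STORAGE is a signature|appop "All files access" toggle rather than a runtime prompt. The `target_sdk` and `device_api` values are assumptions supplied by the caller.

```python
"""Effective-permission check over the 'Requests dangerous framework permissions'
table. Added example; targetSdkVersion and device API level are NOT in the
report and are passed in as assumptions."""
from dataclasses import dataclass

# Facts from the Android SDK reference:
#   protection     "dangerous" = runtime dialog; "signature|appop" = special-access
#                  toggle in Settings (no dialog)
#   introduced     API level at which the permission exists at all
#   no_effect_from targetSdkVersion at or above which declaring it does nothing
PERMISSION_FACTS = {
    "android.permission.POST_NOTIFICATIONS":      dict(protection="dangerous", introduced=33, no_effect_from=None),
    "android.permission.READ_CONTACTS":           dict(protection="dangerous", introduced=1,  no_effect_from=None),
    "android.permission.WRITE_EXTERNAL_STORAGE":  dict(protection="dangerous", introduced=4,  no_effect_from=30),
    "android.permission.READ_EXTERNAL_STORAGE":   dict(protection="dangerous", introduced=16, no_effect_from=33),
    "android.permission.MANAGE_EXTERNAL_STORAGE": dict(protection="signature|appop", introduced=30, no_effect_from=None),
}

# The report's own table rows, embedded so the script runs offline.
REPORT_ROWS = """\
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application a broad access to external storage in scoped storage. | android.permission.MANAGE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
"""


def parse_permissions(table: str) -> list:
    """Return the Indicator column of the markdown rows, de-duplicated, order kept."""
    seen = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) >= 2 and cells[1].startswith("android.permission.") and cells[1] not in seen:
            seen.append(cells[1])
    return seen


@dataclass
class Assessment:
    permission: str
    status: str   # "runtime-prompt" | "special-access" | "no-op" | "absent" | "unknown"
    note: str


def assess(permissions, target_sdk: int, device_api: int) -> list:
    """Classify each declared permission for the assumed targetSdkVersion / OS API level."""
    out = []
    for p in permissions:
        f = PERMISSION_FACTS.get(p)
        if f is None:
            out.append(Assessment(p, "unknown", "not in the local fact table; check the SDK docs"))
        elif device_api < f["introduced"]:
            out.append(Assessment(p, "absent", f"permission does not exist before API {f['introduced']}"))
        elif f["no_effect_from"] is not None and target_sdk >= f["no_effect_from"]:
            out.append(Assessment(p, "no-op", f"ignored when targetSdkVersion >= {f['no_effect_from']}"))
        elif f["protection"] == "dangerous":
            out.append(Assessment(p, "runtime-prompt", "user must grant it in a runtime dialog"))
        else:
            out.append(Assessment(p, "special-access", "granted via the Settings 'All files access' toggle"))
    return out


def status_map(target_sdk: int, device_api: int) -> dict:
    """Convenience view: permission -> status for the report's table."""
    return {a.permission: a.status for a in assess(parse_permissions(REPORT_ROWS), target_sdk, device_api)}


if __name__ == "__main__":
    # Assumed values for illustration; the report does not state either.
    for a in assess(parse_permissions(REPORT_ROWS), target_sdk=33, device_api=33):
        print(f"{a.status:15} {a.permission}  ({a.note})")
```

With an assumed targetSdkVersion of 33 only READ_CONTACTS and POST_NOTIFICATIONS produce runtime prompts; the two legacy storage permissions are dead declarations and MANAGE_EXTERNAL_STORAGE is the one to examine, since a game client has no obvious need for all-files access. The real targetSdkVersion should be read from the APK's manifest before drawing that conclusion.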
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-18 18:49
Reported
2024-05-18 18:51
Platform
android-x86-arm-20240514-en
Max time kernel
5s
Max time network
34s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.roblox.client
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.195:443 | | tcp |
| GB | 142.250.187.195:443 | | tcp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| GB | 216.58.212.227:443 | | tcp |
| US | 1.1.1.1:53 | clientsettingscdn.roblox.com | udp |
| GB | 23.215.232.238:443 | clientsettingscdn.roblox.com | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
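The network table mixes three kinds of rows: DNS lookups sent to the sandbox resolver at 1.1.1.1:53, TCP connections the sandbox attributed to a name, and TCP connections with no name at all. The triage question is which endpoints were contacted without an observed resolution and which looked-up names never appear on a connection. The script below is an added example (not sandbox output) that parses the table as printed above (column order Country | Destination | Domain | Proto), separates link-local/multicast traffic such as mDNS, and reports the correlation.

```python
"""Correlate DNS rows with connection rows from the report's Network table.
Added example, not part of the sandbox report; the table is embedded verbatim
so the script runs offline."""
import ipaddress
from collections import Counter

NETWORK_TABLE = """\
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.195:443 | | tcp |
| GB | 142.250.187.195:443 | | tcp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| GB | 216.58.212.227:443 | | tcp |
| US | 1.1.1.1:53 | clientsettingscdn.roblox.com | udp |
| GB | 23.215.232.238:443 | clientsettingscdn.roblox.com | tcp |
| GB | 142.250.180.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
"""


def parse_rows(table: str) -> list:
    """Turn the markdown rows into dicts; an empty Domain cell becomes None."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue  # skip header and anything malformed
        country, dest, domain, proto = cells
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain or None, "proto": proto})
    return rows


def summarize(table: str) -> dict:
    """Split rows into DNS lookups, attributed connections, unattributed ones and local noise."""
    queried, attributed, local = set(), set(), set()
    unattributed = Counter()
    for r in parse_rows(table):
        addr = ipaddress.ip_address(r["ip"])
        endpoint = f"{r['ip']}:{r['port']}"
        if r["port"] == 53 and r["proto"] == "udp" and r["domain"]:
            queried.add(r["domain"])            # a lookup the sandbox observed
        elif addr.is_multicast or addr.is_private or addr.is_link_local:
            local.add(endpoint)                 # e.g. mDNS 224.0.0.251:5353, LAN discovery, not egress
        elif r["domain"]:
            attributed.add(r["domain"])         # connection the sandbox tied to a name
        else:
            unattributed[endpoint] += 1         # egress with no name in the report
    return {
        "queried": queried,
        "attributed": attributed,
        "queried_not_attributed": queried - attributed,
        "unattributed": dict(unattributed),
        "local": local,
    }


if __name__ == "__main__":
    for key, value in summarize(NETWORK_TABLE).items():
        print(f"{key}: {value}")
```

For this report the only name looked up but never tied to a connection is digitalassetlinks.googleapis.com, and three 443/tcp endpoints carry no name. Before treating an unattributed endpoint as suspicious, resolve it independently (reverse DNS, WHOIS, or the TLS certificate from a pcap), since the sandbox only labels a connection when it saw the matching DNS answer inside the detonation window.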
Files
/data/data/com.roblox.client/no_backup/com.google.InstanceId.properties
| MD5 | dac35c6a422ab572e1409fb9f940c24b |
| SHA1 | adf1355d11ae8e13e536aafffd2d8d7a92bdb5e5 |
| SHA256 | a25e9dfb61ece3dbc5706b52fcbdad05a4861646e500ac660b6e47d94f63597c |
| SHA512 | 3161a58d30fe946fe74310c7940f4c02b1401266c011d8517d2c9db5654f83b7f644f2feb155201ae1c020e9dfc676402729f954fc69803464fd1e2765b80a04 |
/data/data/com.roblox.client/cache/journal.tmp
| MD5 | 37e8e716e0e2f4a0b05cd9571d95b84d |
| SHA1 | f8d068f6931707bddb8cd69f706f2224ad1fea3c |
| SHA256 | 7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca |
| SHA512 | e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6 |
/data/data/com.roblox.client/files/PersistedInstallation4624509065037252809tmp
| MD5 | 6b00dd2ab482ff2427fb0efdb6cd646a |
| SHA1 | b3b6589e23212ba36a934bed40511b0b631373c3 |
| SHA256 | 70d5d1d83b85616782441b3b2601e54d5e1dcbb1895af43817c7bf7a2536c6ba |
| SHA512 | bf7ded34f20fdffe49f7d2d4cd7a152aa9ebfba5de6b6108a0e26e1c5f3a202cf62eaf98cf115dfff7ab28256807eed7893bc5341d1132287373c810409e6c95 |
/data/data/com.roblox.client/cache/journal
| MD5 | bee12dcafa2d76cd86166d375d26d252 |
| SHA1 | cb637ccdf0cc6d575ce9e7665606cfd49eb6dda5 |
| SHA256 | 101a2f52f15d9b3c1b17bd42743354f02145203e885ed4cb54473722ca9fd7d0 |
| SHA512 | fb418ed9637c61f875efb44ece61604028aad0603578d059d4d0226522a8dcb7b420065d5001b0f1b0a9b8ce514aed4fe53254359577dd1c9b945f2f4f756039 |
/data/data/com.roblox.client/databases/google_app_measurement_local.db-journal
| MD5 | bffead343c5334cde8e9d5ef9797ad75 |
| SHA1 | 8a11f54df8f98d2ae7ad1376c0ee86038c08de94 |
| SHA256 | bee9f1f474b757f4fd133019deb31ead606fe258a10af55d0b3fb55b8c8e0fdd |
| SHA512 | 9064ea05de3d3b4f359242a862d83384961d7a5bdcd472f0b51b3a417e86863abea398dee3d1ced451230f4ab699192ffa8c8eba2fb5b4431ae0652975846f04 |
/data/data/com.roblox.client/cache/0de3774d53f29efb27fa09a940a0ec5f.0.tmp
| MD5 | 57b27a9be45cffd06ea5cfd4fce974fe |
| SHA1 | 14e0a5cb5626fbda8ba80b044708befc401ea125 |
| SHA256 | 33b449e6e6bd5e18203f4f023a4971e6ebc41545c04bcba4a4529cda4062d557 |
| SHA512 | 422276bb181ba59e6a8e70f68527fea16988e9ace0260de570f0137d8e7a56aabad0ecbb6c67d706066cc922b69c1cdded64c725228b57a6dae0d0f0d98fa111 |
/data/data/com.roblox.client/cache/0de3774d53f29efb27fa09a940a0ec5f.1.tmp
| MD5 | 39cc03f4dad8602327e2af82859a7db7 |
| SHA1 | fd8df03b8faa4133096cb26993be9d911be27159 |
| SHA256 | f69272d8be5168e51be6516990871e3b0f826b866916322f826d05039194fa89 |
| SHA512 | ebbd31edff8054938997d111412310b40fe25f34b5330555f8a4bb0a0b9f3b30e48402c302b0fa06d633f6c47589d30372750d5f571df2673df525d9714978b7 |
/data/data/com.roblox.client/databases/google_app_measurement_local.db
| MD5 | 7237409e0640cfab7bdbd429bf821a3b |
| SHA1 | 4c3da934842f8d4835dfe2a9c275a300e5123309 |
| SHA256 | 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa |
| SHA512 | c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f |
/data/data/com.roblox.client/databases/google_app_measurement_local.db-shm
| MD5 | cf845a781c107ec1346e849c9dd1b7e8 |
| SHA1 | b44ccc7f7d519352422e59ee8b0bdbac881768a7 |
| SHA256 | 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7 |
| SHA512 | 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612 |
/data/data/com.roblox.client/databases/google_app_measurement_local.db-wal
| MD5 | 7baecdd2d658c83c61f5eb1adf15af51 |
| SHA1 | 43d57a96ffca3c6a9eb7617778eed86d3bf9ff0e |
| SHA256 | e84bae51d22085f441ca7431004372d8181644875b512a5900846ef9ab93129e |
| SHA512 | d6360fe1520ea3ee0b5ff79357c976161e2166e1b307b627b1dadfe89ce291ad5f27c269d63d90d9a61bdbd4fb9de0adf2a439ce019340ce09ab3f4bc5acaad3 |
/data/data/com.roblox.client/files/PersistedInstallation8695817922069679322tmp
| MD5 | 71325675a411b8ef2c0e145e47609055 |
| SHA1 | fbd2d625cd9d9a610313e01c58fb102e52a7b864 |
| SHA256 | b41607aeed4087b6b2e9fb63943a9622c390c4d9cfab0df52a9f7aca863f541d |
| SHA512 | 1d7a645435708b19d43aeda038b96f1de2530909064931d4f150a730145438820a033c6c3df3c4b8b6618acbf2a5198c805290c9ebc8c5039bd096b655754f25 |
/data/data/com.roblox.client/databases/google_app_measurement_local.db-wal
| MD5 | 4818b33836bf6ecd9f1dc6a0e1cb7484 |
| SHA1 | a602da0493dfcc0277f8ff6f1e299b21e75dfac6 |
| SHA256 | 007752aa2ac488d0b2a8534ef76d8ce15632bc13e62203e4d13f44f37c2a1f52 |
| SHA512 | 8cea354da2f5795e232de6a763cb917cca6461a7f6ea6a8940222148b63d7905625c7a226b9906ac67433a1fa24cde28df6cf786548b57325f9de15570612c5c |
/data/data/com.roblox.client/databases/google_app_measurement_local.db
| MD5 | 0b8166755a47f59c523fdcfd93ef4a0c |
| SHA1 | 798ff86d06ff095e6826be3d76a74ad944362a7a |
| SHA256 | 380d8fd53847098d4e82858504914ee5f68bc219de8639645f3f6dd1951aaba1 |
| SHA512 | 0d3726591fa9ecd0557e666f0834e710f99ea077c39b8e50af88e85f189def5ff00cdc2626604c7ef3ade07bdde1fbf342922dc1ededd3cbdf2248a1ef29c091 |
/data/data/com.roblox.client/databases/google_app_measurement_local.db-wal
| MD5 | 3f82464f8f2bf3311682d071588fd689 |
| SHA1 | 4b6df48630a61779a7ba113766b8e6166513c354 |
| SHA256 | 4fff544834159f459ee5ebfee653a61bb7dfb7fd913bf7daa48a6d798263a2e3 |
| SHA512 | 5b6de9ccf2e784d9fb7c88834d7b7e29725e9f8b22509cf7583eab68843b0eaad51757506f859e66b76dc345fc53bb1d362b122311fde95158859fa2437d10c2 |
/data/data/com.roblox.client/databases/google_app_measurement_local.db
| MD5 | d8177fcb3406abecd8531427b4f65592 |
| SHA1 | 3850b936d7c9758aef0785bc6547dfe89453edf4 |
| SHA256 | 50f119fe386fd0a807b79db692af68685c44d71eb4a7f7c648af25a3bbf55742 |
| SHA512 | 4be05e2e6b727b28dbc524a3210057ea33f3e8d1bcf240d0a52e1ef431880b5d11ae7996b84e6ee1436cf9746bb4c808fb9cc4821b523befd5bfa5d5b32c4043 |