Analysis Overview
SHA256
31531d515ce40ecd4f674b34856e9a149c96e94f71a53b5127cee71357b646eb
Threat Level: Shows suspicious behavior
The file Codex_2.621.apk was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks memory information
Checks CPU information
Acquires the wake lock
Checks if the internet connection is available
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-18 18:52
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application a broad access to external storage in scoped storage. | android.permission.MANAGE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-18 18:51
Reported
2024-05-18 18:56
Platform
android-x64-arm64-20240514-en
Max time kernel
14s
Max time network
82s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.roblox.client
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-18 18:51
Reported
2024-05-18 18:56
Platform
android-33-x64-arm64-20240514-en
Max time kernel
9s
Max time network
74s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Checks if the internet connection is available
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
com.roblox.client
Network
Files