Malware Analysis Report

2025-01-19 07:51

Sample ID: 240609-jfgqzsgd89
Target: http://roblox.com
Tags: (none)
Score: 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Mobile Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 1/10

Threat level: No (potentially) malicious behavior was detected.

The submitted target http://roblox.com is a URL, not a file. It was opened in com.android.chrome on three Android images (the behavioral1, behavioral2 and behavioral3 runs below) and was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

Checks CPU information
Checks memory information

Both entries are informational signatures rather than malicious activity: they record that /proc/cpuinfo and /proc/meminfo were opened for reading during the run (the only process listed is the browser, com.android.chrome; see the per-run Signatures tables). A browser reads these files routinely, but the same two files are a common source of VM and sandbox fingerprinting, which is why the sandbox logs the access. On their own the two signatures do not lift the score above 1/10.

MITRE ATT&CK

Mobile Matrix V15: no techniques were mapped for this sample.

Analysis: static1

Detonation Overview

Reported: 2024-06-09 07:36

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-09 07:36
Reported: 2024-06-09 07:46
Platform: android-x64-20240603-en
Max time kernel: 129s
Max time network: 151s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information

Description           Indicator      Process  Target
File opened for read  /proc/meminfo  N/A      N/A

Processes

com.android.chrome

Network

Country  Destination           Domain                    Proto
N/A      224.0.0.251:5353      -                         udp
GB       216.58.201.106:443    -                         tcp
US       1.1.1.1:53            android.apis.google.com   udp
GB       142.250.187.238:443   android.apis.google.com   tcp
US       1.1.1.1:53            accounts.google.com       udp
BE       74.125.71.84:443      accounts.google.com       tcp
US       1.1.1.1:53            ssl.google-analytics.com  udp
US       1.1.1.1:53            roblox.com                udp
GB       142.250.187.232:443   ssl.google-analytics.com  tcp
NL       128.116.21.3:80       roblox.com                tcp
NL       128.116.21.3:80       roblox.com                tcp
NL       128.116.21.3:443      roblox.com                tcp
US       1.1.1.1:53            www.roblox.com            udp
PL       128.116.124.3:443     www.roblox.com            tcp
US       1.1.1.1:53            css.rbxcdn.com            udp
GB       216.137.44.2:443      css.rbxcdn.com            tcp
GB       216.137.44.2:443      css.rbxcdn.com            tcp
GB       216.137.44.2:443      css.rbxcdn.com            tcp
GB       216.137.44.2:443      css.rbxcdn.com            tcp
GB       216.137.44.2:443      css.rbxcdn.com            tcp
US       1.1.1.1:53            static.rbxcdn.com         udp
GB       216.137.44.2:443      css.rbxcdn.com            tcp
GB       108.138.217.67:443    static.rbxcdn.com         tcp
GB       108.138.217.67:443    static.rbxcdn.com         tcp
US       1.1.1.1:53            js.rbxcdn.com             udp
US       1.1.1.1:53            images.rbxcdn.com         udp
GB       18.245.253.65:443     js.rbxcdn.com             tcp
GB       18.245.253.65:443     js.rbxcdn.com             tcp
GB       18.245.253.65:443     js.rbxcdn.com             tcp
GB       18.245.253.65:443     js.rbxcdn.com             tcp
GB       18.245.253.65:443     js.rbxcdn.com             tcp
GB       18.245.253.65:443     js.rbxcdn.com             tcp
GB       23.200.147.42:443     images.rbxcdn.com         tcp
GB       216.137.44.2:443      css.rbxcdn.com            tcp
US       1.1.1.1:53            metrics.roblox.com        udp
PL       128.116.124.4:443     metrics.roblox.com        tcp
US       1.1.1.1:53            apis.roblox.com           udp
PL       128.116.124.4:443     apis.roblox.com           tcp
US       1.1.1.1:53            ecsv2.roblox.com          udp
US       1.1.1.1:53            apis.rbxcdn.com           udp
GB       88.221.134.235:443    apis.rbxcdn.com           tcp
GB       142.250.178.4:443     -                         tcp
GB       142.250.178.4:443     -                         tcp
GB       172.217.169.46:443    -                         tcp
GB       172.217.169.14:443    -                         tcp
GB       142.250.200.34:443    -                         tcp

(- in the Domain column: no domain name was recorded for that connection.)

Files

files/dom-0.html

MD5 c7370ad7e81dbae8e622eadcac186ad7
SHA1 84614ca614f626c93afbce5063ba0f8bbccece31
SHA256 a5682b306d943be0481656f128cafe52d98cd4ba122f69bc0a522f226954d2fb
SHA512 a1361cabf6e758aee00dd9a771f695be6b0206f96e8077814955b6b20c9a604ae8a3c5cc13e0cc6440472ea029b5409083096ee8b0c6356394affb8bf3a4c05b

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-09 07:36
Reported: 2024-06-09 07:46
Platform: android-x64-arm64-20240603-en
Max time kernel: 131s
Max time network: 150s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information

Description           Indicator      Process  Target
File opened for read  /proc/meminfo  N/A      N/A

Processes

com.android.chrome

Network

Country  Destination           Domain                    Proto
N/A      224.0.0.251:5353      -                         udp
GB       172.217.16.238:443    -                         tcp
GB       172.217.16.238:443    -                         tcp
GB       216.58.201.106:443    -                         tcp
GB       216.58.201.106:443    -                         tcp
US       1.1.1.1:53            roblox.com                udp
US       1.1.1.1:53            accounts.google.com       udp
BE       108.177.15.84:443     accounts.google.com       tcp
US       1.1.1.1:53            ssl.google-analytics.com  udp
GB       216.58.204.72:443     ssl.google-analytics.com  tcp
US       1.1.1.1:53            accounts.google.com       udp
US       1.1.1.1:53            roblox.com                udp
BE       64.233.166.84:443     accounts.google.com       tcp
NL       128.116.21.3:80       roblox.com                tcp
NL       128.116.21.3:443      roblox.com                tcp
US       1.1.1.1:53            www.roblox.com            udp
PL       128.116.124.4:443     www.roblox.com            tcp
US       1.1.1.1:53            css.rbxcdn.com            udp
US       1.1.1.1:53            static.rbxcdn.com         udp
GB       216.137.44.38:443     css.rbxcdn.com            tcp
GB       216.137.44.38:443     css.rbxcdn.com            tcp
GB       216.137.44.38:443     css.rbxcdn.com            tcp
GB       216.137.44.38:443     css.rbxcdn.com            tcp
GB       216.137.44.38:443     css.rbxcdn.com            tcp
GB       108.138.217.67:443    static.rbxcdn.com         tcp
GB       108.138.217.67:443    static.rbxcdn.com         tcp
GB       216.137.44.38:443     css.rbxcdn.com            tcp
US       1.1.1.1:53            js.rbxcdn.com             udp
GB       18.245.253.65:443     js.rbxcdn.com             tcp
GB       18.245.253.65:443     js.rbxcdn.com             tcp
GB       18.245.253.65:443     js.rbxcdn.com             tcp
GB       18.245.253.65:443     js.rbxcdn.com             tcp
GB       18.245.253.65:443     js.rbxcdn.com             tcp
GB       18.245.253.65:443     js.rbxcdn.com             tcp
US       1.1.1.1:53            images.rbxcdn.com         udp
GB       216.137.44.24:443     images.rbxcdn.com         tcp
US       1.1.1.1:53            metrics.roblox.com        udp
GB       216.137.44.24:443     images.rbxcdn.com         tcp
PL       128.116.124.3:443     apis.roblox.com           tcp
US       1.1.1.1:53            apis.rbxcdn.com           udp
GB       88.221.134.235:443    apis.rbxcdn.com           tcp
GB       216.137.44.38:443     css.rbxcdn.com            tcp
PL       128.116.124.3:443     apis.roblox.com           tcp
US       1.1.1.1:53            ecsv2.roblox.com          udp
US       1.1.1.1:53            update.googleapis.com     udp
GB       216.58.201.99:443     update.googleapis.com     tcp
GB       172.217.169.68:443    -                         tcp
GB       172.217.169.68:443    -                         tcp
US       1.1.1.1:53            update.googleapis.com     udp
GB       172.217.16.227:443    update.googleapis.com     tcp
PL       128.116.124.4:443     metrics.roblox.com        tcp

(- in the Domain column: no domain name was recorded for that connection.)

Files

files/dom-0.html

MD5 4875a5191b2a596a8fcca7c71da9f0a0
SHA1 fb15288d7239e4773e4d9176bc09b908c840a893
SHA256 a3b8e726a23ab281d5255a0c460ae989be2029f92f7c5782112909ad3c9b46b1
SHA512 1daf81b5c1dcc2a954885035f6310b91a78d1de928cc0266e882cf54d07b5848612769d5fe1bb4f9e9539d9fd7252319b91f65e1f5b55d58b6cfb1cf40e0d839

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-09 07:36
Reported: 2024-06-09 07:46
Platform: android-x86-arm-20240603-en
Max time kernel: 128s
Max time network: 137s

Command Line

com.android.chrome

Signatures

Checks CPU information

Description           Indicator      Process  Target
File opened for read  /proc/cpuinfo  N/A      N/A

Checks memory information

Description           Indicator      Process  Target
File opened for read  /proc/meminfo  N/A      N/A
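The two signatures recorded in every behavioral run (this one, behavioral2 and behavioral3) fire on reads of /proc/cpuinfo and /proc/meminfo. The Python below is an added example, not part of the report or the sandbox, showing what those two reads give a sample that wants to tell a sandbox from a real device, which is the reason a sandbox logs them at all. It parses constructed cpuinfo and meminfo text (modelled on an x86 guest and on an ARM phone; the values are invented) and applies assumed thresholds (fewer than two CPUs, under 2 GiB of RAM) of the kind evasion checks use. Nothing here claims what the browser itself does with those files.

```python
"""Added example: what a sample learns from /proc/cpuinfo and /proc/meminfo."""
import re
from typing import Dict, List

# Constructed /proc/cpuinfo in x86 layout: one logical CPU and the 'hypervisor'
# flag, which the CPUID feature bits expose when running under a VMM.
CPUINFO_X86_GUEST = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Intel(R) Xeon(R) CPU E5-2680 v4 @ 2.40GHz
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat sse sse2 ht syscall nx lm constant_tsc hypervisor sse4_1 sse4_2
"""

# Constructed /proc/cpuinfo in ARM layout (Android phones): no 'flags' line,
# a 'Features' line per core and a 'Hardware' line naming the SoC.
CPUINFO_ARM_PHONE = """\
processor\t: 0
Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32
CPU implementer\t: 0x41
processor\t: 1
Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32
CPU implementer\t: 0x41
Hardware\t: Qualcomm Technologies, Inc SM8250
"""

# Constructed /proc/meminfo for a small emulator image (values in kB).
MEMINFO_SMALL = """\
MemTotal:        1024512 kB
MemFree:          512000 kB
HugePages_Total:       0
"""


def parse_cpuinfo(text: str) -> Dict[str, object]:
    """Collect the evasion-relevant fields from either cpuinfo layout."""
    cpu_count = 0
    model = hardware = None
    flags: List[str] = []
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "processor":
            cpu_count += 1          # one 'processor' stanza per logical CPU
        elif key == "model name" and model is None:
            model = value
        elif key == "Hardware":
            hardware = value        # ARM images name the board/SoC here
        elif key in ("flags", "Features") and not flags:
            flags = value.split()
    return {
        "cpu_count": cpu_count,
        "model": model,
        "hardware": hardware,
        "hypervisor": "hypervisor" in flags,
    }


def parse_meminfo(text: str) -> Dict[str, int]:
    """Map each meminfo key to its integer value (kB where the file says kB)."""
    out: Dict[str, int] = {}
    for line in text.splitlines():
        m = re.match(r"^(\w+):\s+(\d+)(?:\s*kB)?\s*$", line)
        if m:
            out[m.group(1)] = int(m.group(2))
    return out


def fingerprint(cpu: Dict[str, object], mem: Dict[str, int],
                min_cpus: int = 2, min_mem_kb: int = 2 * 1024 * 1024) -> List[str]:
    """Return the reasons a sample would conclude it is running in a sandbox.

    The thresholds are assumptions for this example; real checks vary.
    """
    reasons = []
    if cpu["hypervisor"]:
        reasons.append("hypervisor flag present")
    if cpu["cpu_count"] < min_cpus:
        reasons.append(f"only {cpu['cpu_count']} logical CPU(s)")
    total = mem.get("MemTotal", 0)
    if total < min_mem_kb:
        reasons.append(f"MemTotal {total} kB below {min_mem_kb} kB")
    return reasons


if __name__ == "__main__":
    print("x86 guest:", fingerprint(parse_cpuinfo(CPUINFO_X86_GUEST), parse_meminfo(MEMINFO_SMALL)))
    print("ARM phone:", fingerprint(parse_cpuinfo(CPUINFO_ARM_PHONE), {"MemTotal": 8 * 1024 * 1024}))
```

The point for triage is the asymmetry: a benign browser and an evasive sample both open the same two files, so the signature alone cannot separate them. What would separate them is what happens next (a branch on the result, such as exiting or sleeping when the hypervisor flag is set), and that is exactly what is absent from this report.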

Processes

com.android.chrome

Network

Country  Destination           Domain                    Proto
N/A      224.0.0.251:5353      -                         udp
US       1.1.1.1:53            roblox.com                udp
US       1.1.1.1:53            roblox.com                udp
NL       128.116.21.3:80       roblox.com                tcp
NL       128.116.21.3:80       roblox.com                tcp
NL       128.116.21.3:443      roblox.com                tcp
US       1.1.1.1:53            www.roblox.com            udp
PL       128.116.124.3:443     www.roblox.com            tcp
US       1.1.1.1:53            css.rbxcdn.com            udp
US       1.1.1.1:53            static.rbxcdn.com         udp
GB       23.200.147.35:443     css.rbxcdn.com            tcp
GB       23.200.147.35:443     css.rbxcdn.com            tcp
GB       23.200.147.35:443     css.rbxcdn.com            tcp
GB       23.200.147.35:443     css.rbxcdn.com            tcp
GB       23.200.147.35:443     css.rbxcdn.com            tcp
GB       23.200.147.35:443     css.rbxcdn.com            tcp
GB       108.138.217.65:443    static.rbxcdn.com         tcp
GB       108.138.217.65:443    static.rbxcdn.com         tcp
US       1.1.1.1:53            js.rbxcdn.com             udp
US       1.1.1.1:53            images.rbxcdn.com         udp
GB       18.245.253.89:443     js.rbxcdn.com             tcp
GB       18.245.253.89:443     js.rbxcdn.com             tcp
GB       18.245.253.89:443     js.rbxcdn.com             tcp
GB       18.245.253.89:443     js.rbxcdn.com             tcp
GB       18.245.253.89:443     js.rbxcdn.com             tcp
GB       18.245.253.89:443     js.rbxcdn.com             tcp
GB       216.137.44.44:443     images.rbxcdn.com         tcp
GB       23.200.147.35:443     css.rbxcdn.com            tcp
US       1.1.1.1:53            metrics.roblox.com        udp
PL       128.116.124.4:443     metrics.roblox.com        tcp
US       1.1.1.1:53            apis.roblox.com           udp
PL       128.116.124.4:443     apis.roblox.com           tcp
US       1.1.1.1:53            apis.rbxcdn.com           udp
GB       88.221.134.235:443    apis.rbxcdn.com           tcp
US       1.1.1.1:53            ecsv2.roblox.com          udp
US       1.1.1.1:53            update.googleapis.com     udp
GB       172.217.16.227:443    update.googleapis.com     tcp
GB       142.250.187.206:443   -                         tcp
US       1.1.1.1:53            android.apis.google.com   udp
GB       142.250.187.238:443   android.apis.google.com   tcp

(- in the Domain column: no domain name was recorded for that connection.)
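The three Network tables (behavioral2, behavioral3 and this run) differ only in Google background traffic and in which CDN edge answered. The Python below is an added triage helper, not part of the report or of the sandbox's tooling. It parses rows in the flattened layout used on this page (country, ip:port, optional domain, proto) and answers the questions an analyst asks of a browser detonation: which resolver served DNS, which flows were plaintext HTTP, which TCP flows carry no domain name, which destinations are link-local multicast, and which names fall outside an assumed allowlist of first-party and browser-background domains. The embedded rows are a subset copied from the behavioral1 table; the one extra row (203.0.113.7 / example.net) is constructed and appears nowhere in the report.

```python
"""Added triage helper for the flattened Network tables on this page."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Rows copied from the behavioral1 Network table (a subset; the full table is
# above). Layout as on the page: COUNTRY IP:PORT [DOMAIN] PROTO
ROWS = """\
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 roblox.com udp
NL 128.116.21.3:80 roblox.com tcp
NL 128.116.21.3:443 roblox.com tcp
US 1.1.1.1:53 www.roblox.com udp
PL 128.116.124.3:443 www.roblox.com tcp
US 1.1.1.1:53 css.rbxcdn.com udp
GB 23.200.147.35:443 css.rbxcdn.com tcp
GB 23.200.147.35:443 css.rbxcdn.com tcp
US 1.1.1.1:53 update.googleapis.com udp
GB 172.217.16.227:443 update.googleapis.com tcp
GB 142.250.187.206:443 tcp
"""

# Constructed row (TEST-NET-3 address, reserved example domain) that is NOT in
# the report; used only to show what an unexpected destination looks like.
EXTRA_ROW = "GB 203.0.113.7:443 example.net tcp\n"

# Assumed allowlist: registrable domains a benign load of roblox.com in Chrome
# on Android is expected to touch (first party, its CDN, Chrome/Android
# background services). Anything else deserves a second look.
EXPECTED_DOMAINS = {"roblox.com", "rbxcdn.com", "google.com",
                    "googleapis.com", "google-analytics.com"}

ROW_RE = re.compile(r"^(\S+)\s+(\S+):(\d+)(?:\s+(\S+))?\s+(tcp|udp)$")


@dataclass(frozen=True)
class Conn:
    country: str
    ip: str
    port: int
    domain: Optional[str]
    proto: str


def parse_rows(text: str) -> List[Conn]:
    """Parse page-layout rows; the domain column is absent on some rows."""
    conns = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparseable row: {line!r}")
        country, ip, port, domain, proto = m.groups()
        ipaddress.ip_address(ip)  # raises if the destination is not an IP literal
        conns.append(Conn(country, ip, int(port), domain, proto))
    return conns


def in_allowlist(domain: str) -> bool:
    d = domain.lower().rstrip(".")
    return any(d == base or d.endswith("." + base) for base in EXPECTED_DOMAINS)


def triage(conns: List[Conn]) -> Dict[str, object]:
    """The checks an analyst makes by hand on a browser detonation's traffic."""
    resolvers = Counter(c.ip for c in conns if c.proto == "udp" and c.port == 53)
    return {
        # Which DNS resolver the image used (1.1.1.1 throughout this report).
        "resolvers": dict(resolvers),
        # Plaintext HTTP: the only expected case is the http:// target itself.
        "plaintext_http": sorted({(c.ip, c.domain) for c in conns
                                  if c.proto == "tcp" and c.port == 80}),
        # TLS flows the sandbox could not tie to a name: check who owns the IP.
        "no_domain_tcp": sorted({c.ip for c in conns
                                 if c.proto == "tcp" and c.domain is None}),
        # Local multicast (mDNS on 224.0.0.251:5353) is Android noise, not egress.
        "multicast": sorted({c.ip for c in conns
                             if ipaddress.ip_address(c.ip).is_multicast}),
        # Names outside the allowlist are the actual finding, if there is one.
        "unexpected_domains": sorted({c.domain for c in conns
                                      if c.domain and not in_allowlist(c.domain)}),
    }


if __name__ == "__main__":
    for label, text in (("report rows", ROWS),
                        ("report rows + constructed row", ROWS + EXTRA_ROW)):
        print(label)
        for key, value in triage(parse_rows(text)).items():
            print(f"  {key}: {value}")
```

On the report's own rows the helper returns no unexpected domain, one plaintext-HTTP destination (128.116.21.3, roblox.com, the submitted http:// URL itself, followed in every run by a :443 flow to the same host, which reads as a redirect to HTTPS although the report does not say so), and a handful of TLS flows to Google-owned addresses with no recorded name. Those nameless flows are the rows worth resolving back to their owner before closing a ticket; here they sit in the same prefixes as the named Google destinations in the other two runs.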

Files

files/dom-0.html

MD5 4cb2de80158ab21137700e7d76a0b3d2
SHA1 371e9c83b85ec1b3b2543116200a05dac287b362
SHA256 93ef328b1ea8c2d02fb2e3bc0e1a8603f647bdf852f2159cdc633cebc0dcddb4
SHA512 6b99243b94b48f3f3d5acd1a09635efa6cfa91b441c2f773fa9e15ccb32ac05e5c2b0e95503f54ea3955c8b7dc68820d924fdadcd5f3d3a74bb6ea74de67a81b
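Each run's Files section lists four digests for files/dom-0.html, and the digests differ from run to run. The Python below is an added example, not part of the report: it parses Files blocks in the layout used on this page, rejects a digest whose length does not match its algorithm, verifies a local copy of an artifact against all four digests at once, and compares two runs' entries to confirm they describe different files. The embedded blocks are copied from the behavioral2 and behavioral3 sections; the artifact bytes used for the verification are constructed.

```python
"""Added example: verify an artifact against the Files digests on this page."""
import hashlib
import re
from typing import Dict, List

HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASHLIB_NAME = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
DIGEST_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")

# Files blocks copied from the behavioral2 and behavioral3 sections above.
REPORT_FILES = {
    "behavioral2": """\
files/dom-0.html

MD5 c7370ad7e81dbae8e622eadcac186ad7
SHA1 84614ca614f626c93afbce5063ba0f8bbccece31
SHA256 a5682b306d943be0481656f128cafe52d98cd4ba122f69bc0a522f226954d2fb
SHA512 a1361cabf6e758aee00dd9a771f695be6b0206f96e8077814955b6b20c9a604ae8a3c5cc13e0cc6440472ea029b5409083096ee8b0c6356394affb8bf3a4c05b
""",
    "behavioral3": """\
files/dom-0.html

MD5 4875a5191b2a596a8fcca7c71da9f0a0
SHA1 fb15288d7239e4773e4d9176bc09b908c840a893
SHA256 a3b8e726a23ab281d5255a0c460ae989be2029f92f7c5782112909ad3c9b46b1
SHA512 1daf81b5c1dcc2a954885035f6310b91a78d1de928cc0266e882cf54d07b5848612769d5fe1bb4f9e9539d9fd7252319b91f65e1f5b55d58b6cfb1cf40e0d839
""",
}


def parse_files_block(text: str) -> Dict[str, Dict[str, str]]:
    """Parse 'path' lines followed by 'ALGO hex' lines into {path: {algo: hex}}."""
    files: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = DIGEST_RE.match(line)
        if m is None:                 # any non-digest line starts a new file entry
            current = line
            files.setdefault(current, {})
            continue
        if current is None:
            raise ValueError("digest line before any file path")
        algo, hexdigest = m.group(1), m.group(2).lower()
        if len(hexdigest) != HEX_LEN[algo]:
            raise ValueError(f"{algo} for {current}: {len(hexdigest)} hex chars, "
                             f"expected {HEX_LEN[algo]}")
        files[current][algo] = hexdigest
    return files


def compute_digests(data: bytes) -> Dict[str, str]:
    """All four digests of the artifact, keyed like the report."""
    return {algo: hashlib.new(name, data).hexdigest()
            for algo, name in HASHLIB_NAME.items()}


def verify(data: bytes, expected: Dict[str, str]) -> List[str]:
    """Return the algorithms whose digest of `data` differs from the report."""
    actual = compute_digests(data)
    return sorted(algo for algo, h in expected.items() if actual[algo] != h.lower())


def same_artifact(a: Dict[str, str], b: Dict[str, str]) -> bool:
    """Two entries describe the same bytes only if every shared digest agrees."""
    shared = set(a) & set(b)
    return bool(shared) and all(a[k] == b[k] for k in shared)


if __name__ == "__main__":
    runs = {run: parse_files_block(text)["files/dom-0.html"]
            for run, text in REPORT_FILES.items()}
    print("behavioral2 and behavioral3 dom-0.html identical:",
          same_artifact(runs["behavioral2"], runs["behavioral3"]))
    # Constructed stand-in for a downloaded dom-0.html; it will not match.
    sample = b"<html><body>constructed stand-in for a downloaded artifact</body></html>"
    print("mismatches against behavioral2:", verify(sample, runs["behavioral2"]))
```

Because dom-0.html is a DOM snapshot of a dynamic page, its hash is unique to each detonation and useless for pivoting; the URL and the network indicators are the stable identifiers from this report. Checking all four digests rather than one is cheap and catches a report whose hashes were transcribed from different files.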