Analysis Overview
SHA256
09dbcb91249ee5a2c6c6ac44ddec780ab907b64ce1b6f82f792bdbc5a2e9055e
Threat Level: Shows suspicious behavior
The file Fluxus RECONTINUED.apk was found to show suspicious behavior.
Malicious Activity Summary
Acquires the wake lock
Queries information about active data network
Requests dangerous framework permissions
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-09 10:15
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
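The table above lists what the static pass flagged. As an added triage aid (example code, not part of this report or of the sandbox's own tooling), the script below parses the text that `aapt dump badging <apk>` (or `aapt2 dump badging`) prints and reports the same dangerous-permission findings, together with the two caveats a reviewer would attach: a `maxSdkVersion` cap means the permission is not requested on devices newer than that API level, and `WRITE_EXTERNAL_STORAGE` has no effect once the app targets API 30 or later. The badging text embedded below is constructed to match the four permissions listed here; the version values, the `maxSdkVersion` caps and the three normal-level permissions are made up for the example, and the dangerous-permission set is a subset of Android's, not the full list.

```python
"""Triage the permissions an APK declares, from `aapt dump badging` output.

Added example, not part of the sandbox report. Works on the plain text aapt
prints, so no APK/AXML parsing library is needed.
"""
import re

# Constructed sample: the four permissions from the report plus three
# normal-level ones. Version numbers and maxSdkVersion caps are made up.
SAMPLE_BADGING = """\
package: name='com.roblox.client' versionCode='1' versionName='0.0.1'
sdkVersion:'21'
targetSdkVersion:'33'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_NETWORK_STATE'
uses-permission: name='android.permission.WAKE_LOCK'
uses-permission: name='android.permission.POST_NOTIFICATIONS'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.WRITE_EXTERNAL_STORAGE' maxSdkVersion='28'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE' maxSdkVersion='32'
"""

# Subset of permissions Android declares with protectionLevel "dangerous"
# (i.e. runtime permissions). Extend as needed; this is not the full list.
DANGEROUS = {
    "android.permission." + p for p in (
        "READ_CONTACTS", "WRITE_CONTACTS", "GET_ACCOUNTS",
        "READ_CALENDAR", "WRITE_CALENDAR",
        "CAMERA", "RECORD_AUDIO", "BODY_SENSORS",
        "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION", "ACCESS_BACKGROUND_LOCATION",
        "READ_PHONE_STATE", "CALL_PHONE", "READ_CALL_LOG", "WRITE_CALL_LOG",
        "SEND_SMS", "RECEIVE_SMS", "READ_SMS",
        "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE",
        "READ_MEDIA_IMAGES", "READ_MEDIA_VIDEO", "READ_MEDIA_AUDIO",
        "POST_NOTIFICATIONS", "BLUETOOTH_SCAN", "BLUETOOTH_CONNECT", "NEARBY_WIFI_DEVICES",
    )
}

# aapt prints one `uses-permission: name='...'` line per declaration, with an
# optional maxSdkVersion attribute on the same line.
PERM_RE = re.compile(r"^uses-permission: name='([^']+)'(?: maxSdkVersion='(\d+)')?", re.M)
TARGET_RE = re.compile(r"^targetSdkVersion:'(\d+)'", re.M)


def parse_badging(text):
    """Return (targetSdkVersion or None, [(permission, maxSdkVersion or None), ...])."""
    m = TARGET_RE.search(text)
    target = int(m.group(1)) if m else None
    perms = [(name, int(mx) if mx else None) for name, mx in PERM_RE.findall(text)]
    return target, perms


def triage_permissions(text):
    """Return {permission: note} for every dangerous permission the APK declares."""
    target, perms = parse_badging(text)
    findings = {}
    for name, max_sdk in perms:
        if name not in DANGEROUS:
            continue  # normal/signature-level permissions are granted at install time
        notes = ["dangerous (runtime) permission"]
        if max_sdk is not None:
            # The permission is only requested on devices up to and including max_sdk.
            notes.append(f"maxSdkVersion={max_sdk}: not requested on devices running API {max_sdk + 1}+")
        if name.endswith("WRITE_EXTERNAL_STORAGE") and target is not None and target >= 30:
            # Scoped storage: apps targeting API 30+ gain nothing from this permission.
            notes.append(f"no effect with targetSdkVersion {target} (scoped storage, API 30+)")
        if name.endswith("POST_NOTIFICATIONS"):
            notes.append("only enforced on API 33+; older devices allow notifications by default")
        findings[name] = "; ".join(notes)
    return findings


if __name__ == "__main__":
    for perm, note in triage_permissions(SAMPLE_BADGING).items():
        print(f"{perm}: {note}")
```

The four permissions flagged here are unremarkable for a game client with a friends list and media sharing. For a file named Fluxus RECONTINUED.apk that installs under Roblox's package name com.roblox.client, the more decisive static check is whether the APK's signing certificate matches the official build's (`apksigner verify --print-certs <apk>`), which this report does not cover.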
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-09 10:14
Reported
2024-06-09 10:18
Platform
android-x86-arm-20240603-en
Max time kernel
5s
Max time network
39s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.roblox.client
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| GB | 216.58.204.74:443 | digitalassetlinks.googleapis.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.201.106:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | clientsettingscdn.roblox.com | udp |
| GB | 23.215.232.238:443 | clientsettingscdn.roblox.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
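Reading the table, a reviewer wants two things the sandbox does not spell out: which names the process actually connected to (as opposed to merely resolved) and which destinations it reached with no name attributed. The script below is an added example, not part of this report. Its input is the report's own rows embedded as a string in the same `| Country | Destination | Domain | Proto |` layout, with the Domain cell left empty where the report attributes none. It classifies the multicast row as local mDNS discovery, lists the domains connected to over TCP, and flags the single 443/tcp connection without an attributed domain. It also handles two cases that do not occur in this run, a name connected to without an observed lookup and a connection on a non-TLS port, so it generalises slightly beyond the table.

```python
"""Triage a sandbox Network table: what was connected to, and what lacks a name.

Added example, not part of the sandbox report. NETWORK_TABLE holds the
report's rows (Country | Destination | Domain | Proto) as constructed input.
"""
import ipaddress

NETWORK_TABLE = """\
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| GB | 216.58.204.74:443 | digitalassetlinks.googleapis.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.201.106:443 | semanticlocation-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | clientsettingscdn.roblox.com | udp |
| GB | 23.215.232.238:443 | clientsettingscdn.roblox.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
"""


def parse_rows(table):
    """Parse '| Country | Destination | Domain | Proto |' rows into dicts."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue  # header, separator or blank line
        country, dest, domain, proto = cells
        host, _, port = dest.rpartition(":")
        rows.append({
            "country": country,
            "ip": ipaddress.ip_address(host),
            "port": int(port),
            "domain": domain or None,  # empty cell -> no name attributed
            "proto": proto.lower(),
        })
    return rows


def contacted_domains(rows):
    """Names the process actually connected to, not just resolved via port 53."""
    return sorted({r["domain"] for r in rows if r["port"] != 53 and r["domain"]})


def triage_network(table):
    """Return {'ip:port': note} for rows that need a reviewer's attention."""
    rows = parse_rows(table)
    # Names seen in resolver traffic; a connection to a name not in this set
    # used a cached answer or a hard-coded address.
    resolved = {r["domain"] for r in rows if r["port"] == 53 and r["domain"]}
    findings = {}
    for r in rows:
        key = f"{r['ip']}:{r['port']}"
        if r["ip"].is_multicast:
            findings[key] = ("multicast destination (224.0.0.251:5353 is mDNS); "
                             "link-local discovery, not an upstream server")
        elif r["port"] == 53:
            continue  # resolver traffic; what matters is the name it resolved
        elif r["domain"] is None:
            findings[key] = ("no domain attributed by the sandbox; check TLS SNI or an "
                             "earlier lookup before treating it as a hard-coded IP")
        elif r["domain"] not in resolved:
            findings[key] = (f"{r['domain']} connected to without an observed lookup "
                             "(cached answer or hard-coded address)")
        elif r["port"] != 443:
            findings[key] = f"{r['domain']} contacted on non-TLS port {r['port']}"
    return findings


if __name__ == "__main__":
    print("connected to:", ", ".join(contacted_domains(parse_rows(NETWORK_TABLE))))
    for dest, note in triage_network(NETWORK_TABLE).items():
        print(f"{dest}: {note}")
```

On this run the only row worth a second look is 142.250.187.206:443, which the sandbox could not tie to a name; the remaining connections are to Google and Roblox hostnames resolved through 1.1.1.1 during the same capture.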
Files
/data/data/com.roblox.client/cache/journal.tmp
| MD5 | 37e8e716e0e2f4a0b05cd9571d95b84d |
| SHA1 | f8d068f6931707bddb8cd69f706f2224ad1fea3c |
| SHA256 | 7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca |
| SHA512 | e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6 |
/data/data/com.roblox.client/files/PersistedInstallation5636964368974672774tmp
| MD5 | e353929046dc6dfe6a85e90c843d431d |
| SHA1 | 15288d4ca7289618b80e427ecbf3be4051c19e9a |
| SHA256 | 1c409961f327ff4dae87a1af44b53626588eb28def860b28d383b8679c894974 |
| SHA512 | 81737d0f0cf8462d6b80383a9cd0d6be5aaaf4489072b76e0af91f542d4bb3872833d6e83592b0a3ef8c0b0c5675de004db09a19525b1bff662dc6650a87b884 |
/data/data/com.roblox.client/cache/journal
| MD5 | d166d3d888bbc7fce83f788d68f73d11 |
| SHA1 | 90528652a6ddaaf043c8f45b0505894fda11dcd3 |
| SHA256 | a34bb09c41919f9c0e4d401544da1912ff89c1ed847f8535882602832033a385 |
| SHA512 | c17e5450478945ad6a61c87e011ba21a56513aa1bbc7dcc352394484274b8d2f175fb5d4ae5720d92f5a99282d13ad1442aa5f8481f4e854c8ae5576b8c5e51c |
/data/data/com.roblox.client/cache/0de3774d53f29efb27fa09a940a0ec5f.0.tmp
| MD5 | 8e01402f7e7f0cf05bb6dd7335e8e52b |
| SHA1 | 84a2dcad0569bb7b519070e850ae2b85be8eb37a |
| SHA256 | 1b6e79984fb3921db29926f63abf66c7d408b7bed771a76b326bc36f4c08cdd5 |
| SHA512 | 8b1d3634444be9a626533f8bc250ebd6222031e4a74b3e76de59d3dc7b5e4d204b2aec06a0a7efb5ee9ebe912904a0a757dbbfa5e09edd9966e15f4c48fae648 |
/data/data/com.roblox.client/cache/0de3774d53f29efb27fa09a940a0ec5f.1.tmp
| MD5 | 3d63431b167ea580d2612cf1b326da65 |
| SHA1 | 7b6fd006b932a80d240a3713d18a16da7450afc0 |
| SHA256 | 4ac226da3ea7e3a7206c0067deab56d8f32ec7eb7f062313c6ba60be5fed8f0d |
| SHA512 | 2b56da9d3fc99103593b3ac3c4e49eaacdb7c8c6adcbe43f8aad3ac153987953b49b773b894fcfcc1a99ec51e877b969d133599eae86081c2abd89726bf2b8c2 |
/data/data/com.roblox.client/databases/google_app_measurement_local.db-journal
| MD5 | a83833f3deabbd9c619b7660871a31d7 |
| SHA1 | c6a3d134b2ba9d199d651b68c041884b5cef7ee2 |
| SHA256 | b6c5e909649fd48cc903650965ebebeb7ec877b86cee32543b50abbd5070d2dc |
| SHA512 | 5d525e27b9762d571c6d6f1617ddc6331f74d62d51c8806deda387a3f139b5d8603df0b9b2b41a12167d8facec9f69d4cbc8d5d802ae465fb272c9691b79f384 |
/data/data/com.roblox.client/databases/google_app_measurement_local.db
| MD5 | 7237409e0640cfab7bdbd429bf821a3b |
| SHA1 | 4c3da934842f8d4835dfe2a9c275a300e5123309 |
| SHA256 | 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa |
| SHA512 | c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f |
/data/data/com.roblox.client/databases/google_app_measurement_local.db-shm
| MD5 | cf845a781c107ec1346e849c9dd1b7e8 |
| SHA1 | b44ccc7f7d519352422e59ee8b0bdbac881768a7 |
| SHA256 | 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7 |
| SHA512 | 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612 |
/data/data/com.roblox.client/databases/google_app_measurement_local.db-wal
| MD5 | 6a84d15203d825b8ef41f05528e795c6 |
| SHA1 | 96e119e294181bbcc0feaa3d450f67509fcd3b6f |
| SHA256 | 2894adecd0b489c6c60898cd1239c930956061186b13c9a58dcf1b13d3d9cd0d |
| SHA512 | 08b39b699c545352aa0bd7c3487ec9c051936987a64beb7e1be8278e0b33cbeb06fe4e6a21260ff24042d1d93dabe05d53d4b0c410a02192e8a6f00a78d8d169 |
/data/data/com.roblox.client/no_backup/com.google.InstanceId.properties
| MD5 | b8e5f539ad9bbcbae07b6b67f8b86de8 |
| SHA1 | 3c1be3ae3acb8c4a49f73bc7c605e71886f9b08d |
| SHA256 | 08a8683d5e74045b833c156a26b581f797528c971699f6edcf4227129a5135ac |
| SHA512 | 621d3cf542653a0b3e0087259bada06cc89cccb1795c0b4157b136206e17d52a850104dddefcf26be2697f17a8f0dd8ca6724a5440127ce5912850913b6a084d |
/data/data/com.roblox.client/files/PersistedInstallation3088978366626915720tmp
| MD5 | 2762a0c9b455d18f0c0663071f4e27b8 |
| SHA1 | 060fb255c7942d6b2e80d9fb4c317e8e2a4f9dfc |
| SHA256 | e8fe853c9e1852800326cad1a8c7a7ae69d8d64a9c5377079836e100251721f8 |
| SHA512 | 80058c9adea85f2803f66b3495bd148cacfcedcaae39bc5f01d6403b7e5715a1b2fba6bb9929f1703ed297de0ec3f745fa6bea7fbeb42961f036fbd8af6231f3 |
/data/data/com.roblox.client/databases/google_app_measurement_local.db-wal
| MD5 | df5b5e4be2cb63fb64ef94b1f78eb263 |
| SHA1 | 386cc7e583c6cbe074a49e475475f44e78ec9ba3 |
| SHA256 | 42c3e605f452fb491d9969b685616a649c64fff81c52bde40e75f3bf84063fca |
| SHA512 | 537ea7bdd75cf53859607fa7974f0583bb0062365506422a72c648db36ee5a5e07312568f1954cbb509b3eafd6c69fe91d066bc1420137a781e807083433d727 |
/data/data/com.roblox.client/databases/google_app_measurement_local.db
| MD5 | 48d421749fc00954e19f48ebf2d3dcea |
| SHA1 | 3826d25a21bcbff93240d8955dabbebd62075a60 |
| SHA256 | bb00d4fcfdac30338b7394192f46f14ed2edbf5e3391dce2b1edd915181fd5f1 |
| SHA512 | 578df8bb2fa1e792b9fd33589c42bd8f18b7c08b8af06b744086b8f71158a84051214b3283e60bd6df3280a09862185527fe2a3f2eb09ccb3c1b99cb3a2f18dd |
/data/data/com.roblox.client/databases/google_app_measurement_local.db-wal
| MD5 | b42bfd98ce536a966758b48270cb02bf |
| SHA1 | c2c8d7e2e1acf9c4666f5ac304b8364af6e9854c |
| SHA256 | 8d8d3e38ab3caf8ee0cb982b7339daee9e12437a722c9ede3d746dec56d3e0c2 |
| SHA512 | a70a8d5a304e4e360a56b429cac1a33ceac7d4307c0a1d8afc2645928f2bec7c1fe60d131fc41edf5d5a60d1cb5b59e91594df7419b3bdaad9d9cc212c97ba76 |
/data/data/com.roblox.client/databases/google_app_measurement_local.db
| MD5 | 9b75a4ccae55df54e6e358fc7b9d7277 |
| SHA1 | b80f48db16d6e3d3beff56952bcefebf67e56754 |
| SHA256 | 27567e941171c90dd9cf0ed2e7fbea287a8cca4a05d8c441377d5abfe1fe0628 |
| SHA512 | f2e5b34493de23b04e302f9f6617212faa4e608cce425fab623f3910c9b7756cd6ad744b44c46976f2d2d72b5621cc1803346b928f1a27c89975e0a22643327b |