Malware Analysis Report

2025-01-19 07:49

Sample ID: 240611-wd6zbawamp
Target: DeltaX v2.o.apk
SHA256: 1dc0ed976120e2eda6cb6999498b72f068719dc18b340c6c89fe596d0a29dd47
Tags: discovery
Score: 6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 6/10

SHA256: 1dc0ed976120e2eda6cb6999498b72f068719dc18b340c6c89fe596d0a29dd47

Threat Level: Shows suspicious behavior

The file DeltaX v2.o.apk was classified as "Shows suspicious behavior".

Malicious Activity Summary

discovery

Requests dangerous framework permissions

Acquires the wake lock

Queries information about active data network

Checks memory information

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-11 17:50

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A
Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-11 17:49
Reported: 2024-06-11 17:55
Platform: android-x86-arm-20240611-en
Max time kernel: 5s
Max time network: 188s

Command Line

com.roblox.client

Signatures

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Queries information about active data network

Tags: discovery

Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.roblox.client

Network

Country | Destination | Domain | Proto
GB | 142.250.187.202:443 | | tcp
GB | 172.217.16.234:443 | | tcp
GB | 172.217.16.234:443 | | tcp
GB | 216.58.212.195:443 | | tcp
N/A | 224.0.0.251:5353 | | udp
GB | 172.217.16.234:443 | | tcp
US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp
US | 1.1.1.1:53 | clientsettingscdn.roblox.com | udp
GB | 172.217.16.234:443 | | tcp
US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp
GB | 216.58.204.78:443 | | tcp
US | 1.1.1.1:53 | clientsettingscdn.roblox.com | udp
US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp
US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp
US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp
GB | 216.58.204.74:443 | | tcp
US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp
US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp
US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp
US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 216.58.212.202:443 | | tcp
US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp
US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp
GB | 142.250.178.10:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp

Files

/data/data/com.roblox.client/no_backup/com.google.InstanceId.properties

MD5 d2fb64a17c2b1f8f1d274c49f8a7bbb2
SHA1 a6c86e39887881a9eed087e89893214194a15451
SHA256 aec6d52dc0a916574beb687146bd0b874b32440f1116507e14e2febb307661cc
SHA512 5849056bddfa8bdd6a867d90f0e1e5d1abf078e330acd36b8a6be0bb8d7d7477233aa09f67bf023a9d08c2b3247823e3877a225b0419d2df8496c88a76a2216a

/data/data/com.roblox.client/cache/journal.tmp

MD5 37e8e716e0e2f4a0b05cd9571d95b84d
SHA1 f8d068f6931707bddb8cd69f706f2224ad1fea3c
SHA256 7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca
SHA512 e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

/data/data/com.roblox.client/files/PersistedInstallation8674711112835759881tmp

MD5 e9a7ff21be36c0ca270a290552b863b0
SHA1 a933e49856ba75afc68bacaf8f538ab3804ec921
SHA256 1e66cfc9f1c66c844502b47c0d5739cc2d419cb91a41a23c47575efac6b7a62d
SHA512 5fc46ebb2ea6ffe7111d7322255ee3c70faa8b68043b15b7e9b2c4784b3274820f8d457d55ae16c165ef8e9d2d25c271e08187e94b5a9711604cd1d5bb562a46

/data/data/com.roblox.client/databases/google_app_measurement_local.db-journal

MD5 395668fa368e9497dc74a0cce32654bf
SHA1 1bc54ceebe354754696beb07698cf8ad353f2a28
SHA256 8910b52f040537c8af933d57dcc368ee014dbc5f00242d8306af9dc0e30cb28b
SHA512 10785334a9a76ded91a0931f262fa454aa2047571c072d099c8fc3936dfd0faf5ee9546c397fcd65a416eb81be76a40a1efde82ace2d3a3d7f9d78a5bc46a5cf

/data/data/com.roblox.client/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.roblox.client/databases/google_app_measurement_local.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.roblox.client/databases/google_app_measurement_local.db-wal

MD5 fea83fe71809d4dffcea98b880fd2bcf
SHA1 579728129c22d6ba59c27e7f55d4f3b5996009e9
SHA256 8b74a201d0654d611d9194e9c588c3acc66560ef182e21ab232ad4325a104d13
SHA512 e7126bbf544895ac6b5e78f607ae02a34608109dac26c71bbca1c25b6d98c442445f83ea02d838649b0522af11f39c503ece76fbf756beb26cf1df80084c9bd6

/data/data/com.roblox.client/databases/google_app_measurement_local.db-wal

MD5 160729a599459218a4c0bc09196db5f4
SHA1 98a5f38f16c36ecc948b75bec742a4a8589eb513
SHA256 a50134e6b8bd4994dfc31bf86c757e1210fb7cc00a34a38a87316c3204d753bf
SHA512 ac36858bd27ec6730fcf84b0f21fd40e26eb32973144646f79b490a8c500dcfa71e59f5bc5ade848d0075d8121b4a2a64338f93bbe31001104ac74dbdcc50e9f

/data/data/com.roblox.client/databases/google_app_measurement_local.db

MD5 92ebedc0468abbe64b9226715f5c0978
SHA1 dadaa01f66feef5d51ecf16a617f9004e1d33312
SHA256 951a79884c5f02565e8e47fa234608e393c633911e6434f4168980e5ef11cd1b
SHA512 be5b0166a7f6dc62e22841ba1d10c79c62405bed5fb700dc81707fbfc28b2dd9a822e406304753591db3f91057faae80462b1237cd90edfc9e022bcb738ec704

/data/data/com.roblox.client/databases/google_app_measurement_local.db-wal

MD5 df41fb7ac0a4426a0690524c612b0134
SHA1 15464b5603f3a66d905ef3ea57209b6d81c8c89f
SHA256 6e2ad4dce5400ef23f3f7335841df4f7078d79d269abc7c6717281bb6c09d17b
SHA512 a29ad723c03562214b2fab4be85f1e04cc964145b89673c7f153d9d52fbedae9989e94493a2f75958e31933daace3598028bd499452cfef00647bf50e89e9e37

/data/data/com.roblox.client/databases/google_app_measurement_local.db

MD5 bf05736b436ac476508aec8b77a39c0e
SHA1 d8cb7d2e69a8410af431842db22c24a995f57947
SHA256 6b8178f313e935cf2e449a38818361e73bcff33bf88844b26485d155bfbe3380
SHA512 70524dfb46f7e4f229813e3aca0bf2c770fbde75cc7f85b68cfd5e97f8665167551993f9c2c00e43fe3a8be1beff4468a4b8bb09c273a3eb39daa469bac8a0c3