Analysis Overview
SHA256
1dc0ed976120e2eda6cb6999498b72f068719dc18b340c6c89fe596d0a29dd47
Threat Level: Shows suspicious behavior
The file DeltaX v2.o.apk was found to be: Shows suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
Acquires the wake lock
Queries information about active data network
Checks memory information
Checks CPU information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 17:50
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 17:49
Reported
2024-06-11 17:55
Platform
android-x86-arm-20240611-en
Max time kernel
5s
Max time network
188s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.roblox.client
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.187.202:443 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 216.58.212.195:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| US | 1.1.1.1:53 | clientsettingscdn.roblox.com | udp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | clientsettingscdn.roblox.com | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| GB | 216.58.204.74:443 | | tcp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.202:443 | | tcp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| GB | 142.250.178.10:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
Files
/data/data/com.roblox.client/no_backup/com.google.InstanceId.properties
| MD5 | d2fb64a17c2b1f8f1d274c49f8a7bbb2 |
| SHA1 | a6c86e39887881a9eed087e89893214194a15451 |
| SHA256 | aec6d52dc0a916574beb687146bd0b874b32440f1116507e14e2febb307661cc |
| SHA512 | 5849056bddfa8bdd6a867d90f0e1e5d1abf078e330acd36b8a6be0bb8d7d7477233aa09f67bf023a9d08c2b3247823e3877a225b0419d2df8496c88a76a2216a |
/data/data/com.roblox.client/cache/journal.tmp
| MD5 | 37e8e716e0e2f4a0b05cd9571d95b84d |
| SHA1 | f8d068f6931707bddb8cd69f706f2224ad1fea3c |
| SHA256 | 7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca |
| SHA512 | e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6 |
/data/data/com.roblox.client/files/PersistedInstallation8674711112835759881tmp
| MD5 | e9a7ff21be36c0ca270a290552b863b0 |
| SHA1 | a933e49856ba75afc68bacaf8f538ab3804ec921 |
| SHA256 | 1e66cfc9f1c66c844502b47c0d5739cc2d419cb91a41a23c47575efac6b7a62d |
| SHA512 | 5fc46ebb2ea6ffe7111d7322255ee3c70faa8b68043b15b7e9b2c4784b3274820f8d457d55ae16c165ef8e9d2d25c271e08187e94b5a9711604cd1d5bb562a46 |
/data/data/com.roblox.client/databases/google_app_measurement_local.db-journal
| MD5 | 395668fa368e9497dc74a0cce32654bf |
| SHA1 | 1bc54ceebe354754696beb07698cf8ad353f2a28 |
| SHA256 | 8910b52f040537c8af933d57dcc368ee014dbc5f00242d8306af9dc0e30cb28b |
| SHA512 | 10785334a9a76ded91a0931f262fa454aa2047571c072d099c8fc3936dfd0faf5ee9546c397fcd65a416eb81be76a40a1efde82ace2d3a3d7f9d78a5bc46a5cf |
/data/data/com.roblox.client/databases/google_app_measurement_local.db
| MD5 | 7237409e0640cfab7bdbd429bf821a3b |
| SHA1 | 4c3da934842f8d4835dfe2a9c275a300e5123309 |
| SHA256 | 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa |
| SHA512 | c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f |
/data/data/com.roblox.client/databases/google_app_measurement_local.db-shm
| MD5 | cf845a781c107ec1346e849c9dd1b7e8 |
| SHA1 | b44ccc7f7d519352422e59ee8b0bdbac881768a7 |
| SHA256 | 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7 |
| SHA512 | 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612 |
/data/data/com.roblox.client/databases/google_app_measurement_local.db-wal
| MD5 | fea83fe71809d4dffcea98b880fd2bcf |
| SHA1 | 579728129c22d6ba59c27e7f55d4f3b5996009e9 |
| SHA256 | 8b74a201d0654d611d9194e9c588c3acc66560ef182e21ab232ad4325a104d13 |
| SHA512 | e7126bbf544895ac6b5e78f607ae02a34608109dac26c71bbca1c25b6d98c442445f83ea02d838649b0522af11f39c503ece76fbf756beb26cf1df80084c9bd6 |
/data/data/com.roblox.client/databases/google_app_measurement_local.db-wal
| MD5 | 160729a599459218a4c0bc09196db5f4 |
| SHA1 | 98a5f38f16c36ecc948b75bec742a4a8589eb513 |
| SHA256 | a50134e6b8bd4994dfc31bf86c757e1210fb7cc00a34a38a87316c3204d753bf |
| SHA512 | ac36858bd27ec6730fcf84b0f21fd40e26eb32973144646f79b490a8c500dcfa71e59f5bc5ade848d0075d8121b4a2a64338f93bbe31001104ac74dbdcc50e9f |
/data/data/com.roblox.client/databases/google_app_measurement_local.db
| MD5 | 92ebedc0468abbe64b9226715f5c0978 |
| SHA1 | dadaa01f66feef5d51ecf16a617f9004e1d33312 |
| SHA256 | 951a79884c5f02565e8e47fa234608e393c633911e6434f4168980e5ef11cd1b |
| SHA512 | be5b0166a7f6dc62e22841ba1d10c79c62405bed5fb700dc81707fbfc28b2dd9a822e406304753591db3f91057faae80462b1237cd90edfc9e022bcb738ec704 |
/data/data/com.roblox.client/databases/google_app_measurement_local.db-wal
| MD5 | df41fb7ac0a4426a0690524c612b0134 |
| SHA1 | 15464b5603f3a66d905ef3ea57209b6d81c8c89f |
| SHA256 | 6e2ad4dce5400ef23f3f7335841df4f7078d79d269abc7c6717281bb6c09d17b |
| SHA512 | a29ad723c03562214b2fab4be85f1e04cc964145b89673c7f153d9d52fbedae9989e94493a2f75958e31933daace3598028bd499452cfef00647bf50e89e9e37 |
/data/data/com.roblox.client/databases/google_app_measurement_local.db
| MD5 | bf05736b436ac476508aec8b77a39c0e |
| SHA1 | d8cb7d2e69a8410af431842db22c24a995f57947 |
| SHA256 | 6b8178f313e935cf2e449a38818361e73bcff33bf88844b26485d155bfbe3380 |
| SHA512 | 70524dfb46f7e4f229813e3aca0bf2c770fbde75cc7f85b68cfd5e97f8665167551993f9c2c00e43fe3a8be1beff4468a4b8bb09c273a3eb39daa469bac8a0c3 |