Malware Analysis Report

2024-09-09 17:35

Sample ID: 240613-ped7csscrr
Target: delta_2.0_new.apk
SHA256: 67e5adfc26a8027fc304cd00d65fa8e9fd8c0642b07ec6ca655ccc9b82ed7f06
Tags: discovery
Score: 6/10

Table of Contents

- Analysis Overview
- MITRE ATT&CK Matrix
- Analysis: static1
  - Detonation Overview
  - Signatures
- Analysis: behavioral1
  - Detonation Overview
  - Command Line
  - Signatures
  - Processes
  - Network
  - Files

Analysis Overview

Score: 6/10

SHA256: 67e5adfc26a8027fc304cd00d65fa8e9fd8c0642b07ec6ca655ccc9b82ed7f06

Threat Level: Shows suspicious behavior

The file delta_2.0_new.apk was found to show suspicious behavior.

Malicious Activity Summary

Tag: discovery

- Requests dangerous framework permissions
- Acquires the wake lock
- Queries information about active data network
- Checks memory information
- Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-13 12:14

Signatures

Requests dangerous framework permissions

| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 12:14

Reported: 2024-06-13 12:58

Platform: android-x86-arm-20240611.1-en

Max time kernel: 5s

Max time network: 589s

Command Line

com.roblox.client

Signatures

Acquires the wake lock

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |

Queries information about active data network

Tag: discovery

| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |

Checks CPU information

| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/cpuinfo | N/A | N/A |

Checks memory information

| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for read | /proc/meminfo | N/A | N/A |

Processes

com.roblox.client

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 172.217.169.74:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| GB | 142.250.178.10:443 | digitalassetlinks.googleapis.com | tcp |
| US | 1.1.1.1:53 | clientsettingscdn.roblox.com | udp |
| GB | 18.165.242.41:443 | clientsettingscdn.roblox.com | tcp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.187.227:80 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 216.58.204.66:443 | | tcp |
| GB | 142.250.178.3:443 | | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.178.3:443 | | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.178.3:443 | | tcp |
| GB | 142.250.178.3:443 | | tcp |

Files

/data/data/com.roblox.client/cache/journal.tmp

MD5 37e8e716e0e2f4a0b05cd9571d95b84d
SHA1 f8d068f6931707bddb8cd69f706f2224ad1fea3c
SHA256 7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca
SHA512 e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6

/data/data/com.roblox.client/files/PersistedInstallation2067643270721197160tmp

MD5 0641cf3e4e3bf22a1b7f03398efc5696
SHA1 83ab82b261c242607b16c1157944bddf996697f7
SHA256 4def0c3efec46a32c6a43e0fef1ae0beb55594ac3849f4812602fef4c670c385
SHA512 319b726f87c28e9a24b36afb2d269dee455ea499ff30523879c12df9afc42d55649dc8e193f72a34f1b172b541807ce37bb964d2eace3d2fe803b04041a43349

/data/data/com.roblox.client/cache/journal

MD5 21ab5a6d0d207fbfdc510654f75f5e6d
SHA1 046a075b419f75110a6d2577fdb270535eae8fd0
SHA256 8c9d860c13e072ef77a4ed7365d1f6ccdd22cd75f034fc96d96c3bb5129a88c9
SHA512 8bbd2505cef7dab2c62e8e8bb3bbd3cca1c18c9f0c50e45e0884893c1a9a49e50dfc370607dc25d6c5c78f4f779ac14af5f1952548e8cbbaef12d42ff3918c82

/data/data/com.roblox.client/databases/google_app_measurement_local.db-journal

MD5 1a4597082a185fba91fc118d0887e676
SHA1 9b1144ec980dc63ffaf934d2eef05f1fc0466587
SHA256 c0d915735a82fef4061620a5f551c478927d4be1f5c5da5c9d2c2b94fc695463
SHA512 2cd556bcc4643700f09cf649a72af75cbf11c9598f86a3a52dcc6541774283f632572db1217c2169d7990da9ea32c7b92d63c873632a419ee9f447243798c520

/data/data/com.roblox.client/databases/google_app_measurement_local.db

MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

/data/data/com.roblox.client/databases/google_app_measurement_local.db-shm

MD5 cf845a781c107ec1346e849c9dd1b7e8
SHA1 b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA256 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA512 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

/data/data/com.roblox.client/cache/0de3774d53f29efb27fa09a940a0ec5f.0.tmp

MD5 f2b0a4475be8c5b5487a43576c282a25
SHA1 7e5fa42ff71cf4505de4070f041f089f9599cde9
SHA256 65650952543a00d4b1db12e333f31972dfc83b9abdf5bc514ddfc1b3f4ae72ec
SHA512 ea99794914812580117bf3f276626b01c2b007378ef6d679676d95943da094c969748283d4823071865d3db21c3f8654be2c47046d44c7143cc77a4b6e997d62

/data/data/com.roblox.client/databases/google_app_measurement_local.db-wal

MD5 9c1f1d856d433ba1ea6efebcd7b2088c
SHA1 2a0a0923d228d145aae68c6241631ecc30f5d4ec
SHA256 39d3fe4fad6e4d64d1086d265319f92283392ae2f8fd8ab12d091d78d3e32ca1
SHA512 d0e9b16017e164da7499b268f94a8ae9100fb411e3ecd79ca24854a05795a29c54e09aa37770c34a3378175922481d8d7ad99a45d26569f4089370339efbb666

/data/data/com.roblox.client/cache/0de3774d53f29efb27fa09a940a0ec5f.1.tmp

MD5 ea805f25505aa0c71a7cfd1d0d435203
SHA1 73589a3acf0bee94828cbc74b2c968fb969dc78a
SHA256 eaee1ec5cc94b158787e68c44a675ca842db85d4a85e29d0f378d4812cbfeb49
SHA512 5e049ca8dd13997d73ff828f4aca62a1297af75a4dfca200f6963205612772aa17ea7528d50d0de55185c6e106b170ffa13bf934e4621f56d65134fa0ee2533f

/data/data/com.roblox.client/no_backup/com.google.InstanceId.properties

MD5 4d651275e01dbe0d5bcd04ab21ed36ea
SHA1 9dbae59b2fd3cba490f90ac89c4c17f47947f04f
SHA256 c3d8b03e8d3687842c739aeba1d8d31ddfe0f07e6b203704a79ec6b58b8deef7
SHA512 4a6c0b7459928de8e2e970c1a6689a77a7e7f161879a5e81b1eee3add8f00bbe11171faf7ceb655fb9727591a64dab9005c43a3f3e755c7987a595b622bc4cc5

/data/data/com.roblox.client/files/PersistedInstallation4013191796331648855tmp

MD5 97e59a69912fd4bcb77d67bb019d8fac
SHA1 be3e45797428cb9f8011aa8ae7fba34834f33b47
SHA256 8ebfe6cc62c235c775bc214332be184c51fedab190c4c11f5a92471584756a16
SHA512 2199b7555988a3747c44389342f7188e50c8f5c61c117db3d83a79b73387ea7a5d5c5dfe1c26efba6d87777593cabd6b478dc56b2f329e231aa9fad08a6d5807

/data/data/com.roblox.client/databases/google_app_measurement_local.db-wal

MD5 b3add03a341bb4174d526e9b21df73b8
SHA1 cfdd1f3e82757ddef90e6f7d4a46284f7521768e
SHA256 f3d6646c8a644038046d47909e314b940ed8aaef443ab1b7115deb7718d919d1
SHA512 ad1da443b01c8445d10911e365668904c34e75defbaecbf51ee47e88ae23f978f9dfa709fc8fa8f6509f1cb525a9eee30c8382d98ecb85915e50a73d2c3f1de2

/data/data/com.roblox.client/databases/google_app_measurement_local.db

MD5 6b865fdadf2a38491b8392325bcafcf7
SHA1 daa5fadeda874da2e0408595a25d8881bdb44866
SHA256 4acf9458e1aead92ea6a3e50d4e15d84571057bac32d4890faf77c8ec253fb7f
SHA512 1929035959d013764aafdeeb3c686f9c6b89aefeddebfc70ac884ec1fdd691a8ee879b3814583cfc2baf74bc020eaeee06c30f6ae05a87c4b89edcd9ca349c5e

/data/data/com.roblox.client/databases/google_app_measurement_local.db-wal

MD5 c1fd6c824ef2b5c8058c172ac8030dc0
SHA1 53d36451bbc09a433265d052accfd907ddef998f
SHA256 dacb9e15d5d173223960d1d9cdee835e0b9cb39538f03764fd01d6ae8ad60264
SHA512 6972c979da55521157c072d9516862dc92d4d2806c942e7659b314178faf8d7752b8ba57e10deaa46510358680b73d07e991c3c106fbce4e66d2d90257d86e54

/data/data/com.roblox.client/databases/google_app_measurement_local.db

MD5 03615583fb6f9cd24910b1acc21fe4f1
SHA1 d9466af296a2b18e95a2c0b6135562f3f3301b62
SHA256 f22e811820d7729bec4b61ff8460632c7e247ba6e18697d8f938a6753a060958
SHA512 4aad47dedb8a1a2671cde9d08fcda4c442ad1bc88e1984544cb79db8dcb0263bd7dec6c5defa58bf861139929b1805714ffcbd4e5d9b16f4bac2b0cd3787973d