Analysis Overview
SHA256
67e5adfc26a8027fc304cd00d65fa8e9fd8c0642b07ec6ca655ccc9b82ed7f06
Threat Level: Shows suspicious behavior
The file delta_2.0_new.apk was found to show suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
Acquires the wake lock
Queries information about active data network
Checks memory information
Checks CPU information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 12:14
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 12:14
Reported
2024-06-13 12:58
Platform
android-x86-arm-20240611.1-en
Max time kernel
5s
Max time network
589s
Command Line
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.roblox.client
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.74:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| GB | 142.250.178.10:443 | digitalassetlinks.googleapis.com | tcp |
| US | 1.1.1.1:53 | clientsettingscdn.roblox.com | udp |
| GB | 18.165.242.41:443 | clientsettingscdn.roblox.com | tcp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.187.227:80 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 216.58.204.66:443 | | tcp |
| GB | 142.250.178.3:443 | | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.178.3:443 | | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.178.3:443 | | tcp |
| GB | 142.250.178.3:443 | | tcp |
Files