Analysis Overview
SHA256
5f8680ae544ef0a4b9bb26cf56a75a74766ac914dae98721477955477812cd53
Threat Level: Shows suspicious behavior
The file Vega_X.apk was found to show suspicious behavior.
Malicious Activity Summary
Requests dangerous framework permissions
Acquires the wake lock
Queries information about active data network
Checks CPU information
Checks memory information
Analysis: static1
Detonation Overview
Reported
2024-06-13 15:15
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application a broad access to external storage in scoped storage. | android.permission.MANAGE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
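The static1 signature above lists the requested permissions but not their protection level, which is what decides whether a grant needs a runtime prompt, a Settings toggle, or nothing at all. The script below is an added example, not part of the sandbox report: it parses a constructed manifest (the permission names and the com.roblox.client package come from this page; the `maxSdkVersion="28"` on the second WRITE_EXTERNAL_STORAGE entry is an assumption used to show why a permission can appear twice) and groups the requests by a hand-maintained protection-level table, which is also an assumption covering only the names used here.

```python
"""Triage the <uses-permission> entries of an Android manifest.

Added example: reads the permissions an APK requests and groups them by
protection level so a reviewer sees at a glance which grants require
user interaction. PROTECTION_LEVEL is maintained by hand (assumption)
and covers only the permissions in this example.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Hand-maintained map of permission -> protection level (assumption).
# "dangerous" = runtime prompt; "special" = must be granted in Settings.
PROTECTION_LEVEL = {
    "android.permission.INTERNET": "normal",
    "android.permission.ACCESS_NETWORK_STATE": "normal",
    "android.permission.WAKE_LOCK": "normal",
    "android.permission.POST_NOTIFICATIONS": "dangerous",
    "android.permission.READ_CONTACTS": "dangerous",
    "android.permission.READ_EXTERNAL_STORAGE": "dangerous",
    "android.permission.WRITE_EXTERNAL_STORAGE": "dangerous",
    "android.permission.MANAGE_EXTERNAL_STORAGE": "special",
}

# Constructed manifest for this example. Permission names come from the
# report's table and the package name from its process list; the
# maxSdkVersion on the second WRITE_EXTERNAL_STORAGE entry is hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.roblox.client">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"
      android:maxSdkVersion="28"/>
  <uses-permission android:name="android.permission.MANAGE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
</manifest>
"""


def requested_permissions(manifest_xml):
    """Return a list of (name, max_sdk or None) for every <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    out = []
    for node in root.iter("uses-permission"):
        name = node.get(f"{{{ANDROID_NS}}}name")
        max_sdk = node.get(f"{{{ANDROID_NS}}}maxSdkVersion")
        if name:
            out.append((name, int(max_sdk) if max_sdk else None))
    return out


def triage_permissions(manifest_xml, device_sdk=33):
    """Group requested permissions by protection level.

    Entries whose maxSdkVersion is below device_sdk go under 'inactive'
    because the platform ignores them on that release. Names missing from
    PROTECTION_LEVEL land in 'unknown' so nothing is silently dropped.
    """
    groups = {"normal": set(), "dangerous": set(), "special": set(),
              "inactive": set(), "unknown": set()}
    for name, max_sdk in requested_permissions(manifest_xml):
        if max_sdk is not None and max_sdk < device_sdk:
            groups["inactive"].add(name)
            continue
        groups[PROTECTION_LEVEL.get(name, "unknown")].add(name)
    return {level: sorted(names) for level, names in groups.items()}


if __name__ == "__main__":
    for level, names in triage_permissions(SAMPLE_MANIFEST).items():
        print(f"{level:9s} {', '.join(names) or '-'}")
```

The point of the `inactive` bucket is the duplicate WRITE_EXTERNAL_STORAGE row in the table above: a permission can be declared twice with different `maxSdkVersion` attributes, and only the entry that applies to the device's API level matters for the verdict. Compare the output against what the genuine app declares before treating a permission as suspicious on its own.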
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 15:14
Reported
2024-06-13 15:19
Platform
android-x86-arm-20240611.1-en
Max time kernel
7s
Max time network
164s
Signatures
Acquires the wake lock
| Description | Indicator | Process | Target |
| Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A |
Queries information about active data network
| Description | Indicator | Process | Target |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.roblox.client
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| GB | 142.250.178.10:443 | digitalassetlinks.googleapis.com | tcp |
| US | 1.1.1.1:53 | clientsettingscdn.roblox.com | udp |
| GB | 18.165.242.74:443 | clientsettingscdn.roblox.com | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | static.xx.fbcdn.net | udp |
| GB | 157.240.214.11:443 | static.xx.fbcdn.net | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.3:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | consent.google.com | udp |
| GB | 216.58.204.78:443 | consent.google.com | tcp |
| US | 1.1.1.1:53 | xxxi.porn | udp |
| US | 104.21.43.103:443 | xxxi.porn | tcp |
| US | 1.1.1.1:53 | 87f81e4343.d7ea5cbf87.com | udp |
| NL | 45.133.44.53:443 | 87f81e4343.d7ea5cbf87.com | tcp |
| US | 1.1.1.1:53 | js.capndr.com | udp |
| NL | 45.133.44.53:443 | js.capndr.com | tcp |
| US | 1.1.1.1:53 | storage.multstorage.com | udp |
| US | 1.1.1.1:53 | d222f456fa.4cc4a19f72.com | udp |
| US | 1.1.1.1:53 | js.wpshsdk.com | udp |
| NL | 45.133.44.53:443 | js.wpshsdk.com | tcp |
| US | 104.21.30.242:443 | storage.multstorage.com | tcp |
| NL | 45.133.44.52:443 | js.wpshsdk.com | tcp |
| US | 1.1.1.1:53 | fp.metricswpsh.com | udp |
| NL | 45.133.44.52:443 | js.wpshsdk.com | tcp |
| DE | 157.90.84.242:443 | fp.metricswpsh.com | tcp |
| DE | 157.90.84.242:443 | fp.metricswpsh.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 142.251.168.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | nereserv.com | udp |
| US | 1.1.1.1:53 | 5f69343b4b.cb8ef6fb70.com | udp |
| DE | 167.235.163.216:443 | 5f69343b4b.cb8ef6fb70.com | tcp |
| DE | 157.90.84.246:443 | 5f69343b4b.cb8ef6fb70.com | tcp |
| US | 1.1.1.1:53 | sw.wpushorg.com | udp |
| NL | 45.133.44.52:443 | sw.wpushorg.com | tcp |
| US | 1.1.1.1:53 | sw.cowtpvi.com | udp |
| NL | 45.133.44.52:443 | sw.cowtpvi.com | tcp |
| NL | 45.133.44.52:443 | sw.cowtpvi.com | tcp |
| US | 104.21.43.103:443 | xxxi.porn | tcp |
| US | 1.1.1.1:53 | counter.yadro.ru | udp |
| RU | 88.212.201.198:443 | counter.yadro.ru | tcp |
| US | 1.1.1.1:53 | static.bookmsg.com | udp |
| US | 1.1.1.1:53 | imdn.pics | udp |
| US | 1.1.1.1:53 | p.a64x.com | udp |
| DE | 157.90.84.246:443 | 5f69343b4b.cb8ef6fb70.com | tcp |
| NL | 45.133.44.24:443 | imdn.pics | tcp |
| NL | 45.133.44.24:443 | imdn.pics | tcp |
| US | 104.21.19.82:443 | p.a64x.com | tcp |
| NL | 45.133.44.25:443 | imdn.pics | tcp |
| US | 1.1.1.1:53 | xxxi.porn | udp |
| US | 172.67.178.33:443 | xxxi.porn | tcp |
| US | 1.1.1.1:53 | cdn-01.viidoos.com | udp |
| US | 104.21.33.92:443 | cdn-01.viidoos.com | tcp |
| US | 1.1.1.1:53 | cdn-01.viidoos.com | udp |
| US | 172.67.189.125:443 | cdn-01.viidoos.com | tcp |
| US | 1.1.1.1:53 | sunofmonaco.site | udp |
| NL | 109.234.38.57:443 | sunofmonaco.site | tcp |
| US | 1.1.1.1:53 | chikaveronika.com | udp |
| NL | 85.17.54.67:443 | chikaveronika.com | tcp |
| US | 1.1.1.1:53 | m.spdate.com | udp |
| NL | 23.111.80.246:443 | m.spdate.com | tcp |
| US | 1.1.1.1:53 | mrlscr.com | udp |
| US | 1.1.1.1:53 | overdates.com | udp |
| US | 1.1.1.1:53 | datetrackservice.com | udp |
| US | 1.1.1.1:53 | static.spdate.com | udp |
| US | 1.1.1.1:53 | comentando.net | udp |
| US | 1.1.1.1:53 | i.phts.io | udp |
| NL | 34.90.10.178:443 | comentando.net | tcp |
| US | 1.1.1.1:53 | node.phts.io | udp |
| NL | 23.111.80.246:443 | datetrackservice.com | tcp |
| NL | 23.111.80.246:443 | datetrackservice.com | tcp |
| US | 104.26.5.231:443 | static.spdate.com | tcp |
| NL | 34.90.10.178:443 | comentando.net | tcp |
| US | 1.1.1.1:53 | i.phts.io | udp |
| US | 1.1.1.1:53 | cdn.icalendars.app | udp |
| NL | 23.111.80.246:443 | datetrackservice.com | tcp |
| US | 172.67.134.35:443 | cdn.icalendars.app | tcp |
| US | 1.1.1.1:53 | api.icalendars.app | udp |
| NL | 34.90.134.29:443 | api.icalendars.app | tcp |
| NL | 23.111.80.246:443 | datetrackservice.com | tcp |
| NL | 172.255.233.92:8083 | node.phts.io | tcp |
| US | 1.1.1.1:53 | images.jucydate.com | udp |
| US | 104.26.9.171:443 | images.jucydate.com | tcp |
| US | 104.26.9.171:443 | images.jucydate.com | tcp |
| US | 1.1.1.1:53 | s.magsrv.com | udp |
| US | 1.1.1.1:53 | s.opoxv.com | udp |
| US | 1.1.1.1:53 | s.orbsrv.com | udp |
| US | 1.1.1.1:53 | s.pemsrv.com | udp |
| US | 1.1.1.1:53 | syndication.realsrv.com | udp |
| US | 1.1.1.1:53 | s.zlinkd.com | udp |
| NL | 95.211.229.245:443 | s.zlinkd.com | tcp |
| NL | 95.211.229.248:443 | s.zlinkd.com | tcp |
| NL | 95.211.229.246:443 | s.pemsrv.com | tcp |
| NL | 95.211.229.245:443 | s.zlinkd.com | tcp |
| NL | 95.211.229.245:443 | s.zlinkd.com | tcp |
| US | 1.1.1.1:53 | images.mrlscr.com | udp |
| NL | 95.211.229.248:443 | s.zlinkd.com | tcp |
| US | 172.67.157.190:443 | images.mrlscr.com | tcp |
| US | 1.1.1.1:53 | vlm.spdate.com | udp |
| GB | 18.172.153.91:443 | vlm.spdate.com | tcp |
| GB | 18.172.153.91:443 | vlm.spdate.com | tcp |
| US | 1.1.1.1:53 | wpai9m3pvplnk7023ao5ssh0.find-singles-online.com | udp |
| US | 34.75.238.37:443 | wpai9m3pvplnk7023ao5ssh0.find-singles-online.com | tcp |
| US | 1.1.1.1:53 | ilndngs.romanticboo.com | udp |
| US | 172.67.195.62:443 | ilndngs.romanticboo.com | tcp |
| US | 172.67.195.62:443 | ilndngs.romanticboo.com | tcp |
| US | 172.67.195.62:443 | ilndngs.romanticboo.com | tcp |
| US | 34.75.238.37:443 | wpai9m3pvplnk7023ao5ssh0.find-singles-online.com | tcp |
| US | 1.1.1.1:53 | wrr663d273bff7023oob9b50.find-singles-online.com | udp |
| US | 1.1.1.1:53 | 5f69343b4b.cb8ef6fb70.com | udp |
| DE | 94.130.198.6:443 | 5f69343b4b.cb8ef6fb70.com | tcp |
| US | 104.21.43.103:443 | xxxi.porn | tcp |
| US | 104.21.33.92:443 | cdn-01.viidoos.com | tcp |
| US | 1.1.1.1:53 | cdn-02.viidoos.com | udp |
| US | 1.1.1.1:53 | cdn-02.viidoos.com | udp |
| US | 172.67.189.125:443 | cdn-02.viidoos.com | tcp |
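The Network table above is a flat list of flows, which hides the two things a responder wants first: which hostnames share a server, and which names were resolved but never contacted. The script below is an added example, not part of the sandbox report: it parses rows in the table's own `| Country | Destination | Domain | Proto |` layout, drops the local mDNS multicast row, separates resolver queries from connections, and derives those views. The embedded rows are a subset copied from this report (with the mDNS and the unnamed 216.58.212.238 row in corrected column order); the 1.1.1.1 resolver address is taken from the table.

```python
"""Pull indicators out of a sandbox report's Network table.

Added example. Takes rows in the page's table layout, separates DNS
lookups from connections, and groups hostnames by destination IP so
that shared infrastructure, odd ports and resolved-but-unused names
stand out. SAMPLE_ROWS is a subset of the report's rows.
"""
import ipaddress
import re
from collections import defaultdict

# Subset of the report's Network table, in corrected column order.
SAMPLE_ROWS = """\
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| GB | 142.250.178.10:443 | digitalassetlinks.googleapis.com | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | 87f81e4343.d7ea5cbf87.com | udp |
| NL | 45.133.44.53:443 | 87f81e4343.d7ea5cbf87.com | tcp |
| US | 1.1.1.1:53 | js.capndr.com | udp |
| NL | 45.133.44.53:443 | js.capndr.com | tcp |
| US | 1.1.1.1:53 | js.wpshsdk.com | udp |
| NL | 45.133.44.53:443 | js.wpshsdk.com | tcp |
| NL | 45.133.44.52:443 | js.wpshsdk.com | tcp |
| US | 1.1.1.1:53 | nereserv.com | udp |
| US | 1.1.1.1:53 | sw.wpushorg.com | udp |
| NL | 45.133.44.52:443 | sw.wpushorg.com | tcp |
| US | 1.1.1.1:53 | sw.cowtpvi.com | udp |
| NL | 45.133.44.52:443 | sw.cowtpvi.com | tcp |
| US | 1.1.1.1:53 | node.phts.io | udp |
| NL | 172.255.233.92:8083 | node.phts.io | tcp |
"""

# | Country | ip:port | Domain (may be empty) | Proto |
ROW_RE = re.compile(
    r"^\|\s*([^|\s]+)\s*\|\s*([\d.]+):(\d+)\s*\|\s*([^|\s]*)\s*\|\s*(\w+)\s*\|$"
)


def parse_rows(text):
    """Return one dict per table row: country, ip, port, domain, proto."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # header, separator or blank line
        country, ip, port, domain, proto = m.groups()
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain or None, "proto": proto.lower()})
    return rows


def summarize(text, resolver_ip="1.1.1.1"):
    """Split rows into DNS lookups, connections and a few triage views."""
    lookups = set()           # names the sample asked the resolver about
    connections = set()       # (ip, port, domain) flows to non-resolver hosts
    by_ip = defaultdict(set)  # ip -> hostnames seen on that address
    for r in parse_rows(text):
        if ipaddress.ip_address(r["ip"]).is_multicast:
            continue  # 224.0.0.251:5353 is local mDNS chatter, not an IOC
        if r["ip"] == resolver_ip and r["port"] == 53:
            if r["domain"]:
                lookups.add(r["domain"])
            continue
        connections.add((r["ip"], r["port"], r["domain"]))
        if r["domain"]:
            by_ip[r["ip"]].add(r["domain"])
    connected = {d for _, _, d in connections if d}
    return {
        "lookups": sorted(lookups),
        "connections": sorted(connections, key=lambda c: (c[0], c[1])),
        # resolved but never contacted: blocked, failed, or not needed yet
        "resolved_only": sorted(lookups - connected),
        # anything not on 443 deserves a second look
        "odd_ports": sorted(c for c in connections if c[1] != 443),
        # several hostnames on one address = shared infrastructure
        "shared_hosts": {ip: sorted(d) for ip, d in by_ip.items() if len(d) > 1},
        # connections the report shows with no hostname at all
        "unnamed": sorted(c[0] for c in connections if not c[2]),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_ROWS)
    for key in ("resolved_only", "odd_ports", "shared_hosts", "unnamed"):
        print(key, s[key])
```

Run against the full table, the `shared_hosts` view collapses the 45.133.44.x and 157.90.84.x rows into a handful of addresses, which is a better blocking unit than the individual throwaway hostnames; `odd_ports` surfaces node.phts.io on 8083, and `unnamed` the connections for which no DNS name was recorded.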
Files
/data/data/com.roblox.client/cache/journal.tmp
| MD5 | 37e8e716e0e2f4a0b05cd9571d95b84d |
| SHA1 | f8d068f6931707bddb8cd69f706f2224ad1fea3c |
| SHA256 | 7080cb592d5149c858b206d3fd0d5e3e7d601f120af00b2616bee928ee1291ca |
| SHA512 | e62b850901835fdb73fa6224618422f721dd765861d42f6bc2dd013413e96bd910ac5313afd9b4f63da74beb12a15fac81b5157456c9caa3031862dab84423f6 |
/data/data/com.roblox.client/no_backup/com.google.InstanceId.properties
| MD5 | 9bf1a0f7ef314539728dde4f3bb116ae |
| SHA1 | b206980466b5013328a57229b8c8a034945d5169 |
| SHA256 | 6492df3ed83ad2d1db152a483a72138eaaf2948e1952e1bd5bc31d8a8a46b643 |
| SHA512 | c4cc37d552ca4f5558a2b011130d688252bfa15e7f3849efe1d9254266feb6f66cfe72f895bd72857b66aa242afc391962903a9552bd76ca4997212dbac238b6 |
/data/data/com.roblox.client/cache/journal
| MD5 | 4baeafcc8e7430507dc2dc3400db7e93 |
| SHA1 | 198ab86c2643d74255bedd14fe4fe7dd35192191 |
| SHA256 | 1863e4ab323b5c3a3a1625824f96aebb728ebda4613a2c632127c717468e6c56 |
| SHA512 | fd3d86b14086a5d4bb15b7bb6b54a4ab29f540186c2a2ddeb7553d424eaf7cad82e19b25fbe66c22d1a2f3269ce5915148f2e46ba9496fef491396383623528f |
/data/data/com.roblox.client/cache/0de3774d53f29efb27fa09a940a0ec5f.0.tmp
| MD5 | 3d94509345e3864f3ced624de3c93889 |
| SHA1 | 1c8f7ce28dfe41959e51e46277d3041052fb08c3 |
| SHA256 | 12c3294a160fbb98c423f3c5b066780c31dae56233d68dde4b750aa6bfbd39a0 |
| SHA512 | de0beeb6f392c9c9e5d90d776ce27fa26c4dd21d196cd1620aefef91292e17c5d609b929f1c537fa993dfb8410b5cb6295f1c140a83b2453a36ef81db5fa616d |
/data/data/com.roblox.client/cache/0de3774d53f29efb27fa09a940a0ec5f.1.tmp
| MD5 | ea805f25505aa0c71a7cfd1d0d435203 |
| SHA1 | 73589a3acf0bee94828cbc74b2c968fb969dc78a |
| SHA256 | eaee1ec5cc94b158787e68c44a675ca842db85d4a85e29d0f378d4812cbfeb49 |
| SHA512 | 5e049ca8dd13997d73ff828f4aca62a1297af75a4dfca200f6963205612772aa17ea7528d50d0de55185c6e106b170ffa13bf934e4621f56d65134fa0ee2533f |
/data/data/com.roblox.client/files/PersistedInstallation8848661033768919442tmp
| MD5 | 283a07391cd7d49577651898b132dbb7 |
| SHA1 | 6f3e0171011f162d93e14678eaa7acb721b90f6f |
| SHA256 | 0cb9c18c17fa6df4bd316c50e046794b85b117de0cab66ef56672adddf6499fe |
| SHA512 | 29140a52f374d3e6a64caceeba04c73472ae1a5d69e66fe6793c29dcf0bcaae9fc92962e19a2934453bacb87b39481260fb43a776ef3ba2fffb327e87214a0fc |
/data/data/com.roblox.client/databases/google_app_measurement_local.db-journal
| MD5 | 57de2cb4c58a0eacafcbeb3577ad9c5a |
| SHA1 | 8b6ab3bb88b5a6e58545100084b40e5e06827e45 |
| SHA256 | fe66e6eb680e5a53c1c17f6e8749322282d0cecbc243eaec76f9423ea7d9f3b0 |
| SHA512 | 686570d43456f4ec62c852c27c3f1929b0488d7f2c836f77dbbb34a7f79a4ec34aa4cc8d90a84d682621535a33a4ac8608245b96c9d90c78226d90f7f85730e7 |
/data/data/com.roblox.client/databases/google_app_measurement_local.db
| MD5 | 7237409e0640cfab7bdbd429bf821a3b |
| SHA1 | 4c3da934842f8d4835dfe2a9c275a300e5123309 |
| SHA256 | 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa |
| SHA512 | c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f |
/data/data/com.roblox.client/databases/google_app_measurement_local.db-shm
| MD5 | cf845a781c107ec1346e849c9dd1b7e8 |
| SHA1 | b44ccc7f7d519352422e59ee8b0bdbac881768a7 |
| SHA256 | 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7 |
| SHA512 | 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612 |
/data/data/com.roblox.client/databases/google_app_measurement_local.db-wal
| MD5 | 773d75359c1a96bed2729fbbb1d07858 |
| SHA1 | a383e13c715e978d1a9e0f5b64d59555973106d6 |
| SHA256 | c8f634c41bd6742ef46c0f95f5999d90be304c663c9ff04b65c305867a0067b0 |
| SHA512 | f1aca9772afd03736ebcac0f1d53932b93df71e51159f70bfe6602d877ac11b6d24fd5df6989da0035b0077242a2ab2e1b2cba36fbe48a3bc20db0e13385f9a0 |
/data/data/com.roblox.client/files/PersistedInstallation6832891315698523449tmp
| MD5 | 60c49568978346253d1cc456dfc848c4 |
| SHA1 | 60c1b1db2e2faf13fe4507b65e93d65a47b04ff3 |
| SHA256 | c8a62dcce27dbd5c60b46e444d9bad010abc2bd51cf3def2b54ce74e877785cb |
| SHA512 | a502dc9de165e69df15786bbc08ad3b896a4646db52df8889fe19f9aff3fcfdfff1c38f19d7fb55fb43bf8c44ebcebd0e4d98cad4a7119fc90c47a4e5ecf1b5d |