Analysis Overview
SHA256
7e2c86ff29529ebd3e7b879857dfa00733e57d153d59a3cbe0ffaa3291afbbc9
Threat Level: Likely malicious
The file Root Booster_ByWhitheLuisZ.apk was found to be: Likely malicious.
Malicious Activity Summary
Checks if the Android device is rooted.
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-02 22:19
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-02 22:19
Reported
2024-11-02 22:22
Platform
android-x86-arm-20240624-en
Max time kernel
118s
Max time network
108s
Command Line
Signatures
Checks if the Android device is rooted.
| Description | Indicator | Process | Target |
| N/A | /system/bin/su | N/A | N/A |
| N/A | /system/xbin/su | N/A | N/A |
| N/A | /data/local/xbin/su | N/A | N/A |
| N/A | /data/local/bin/su | N/A | N/A |
| N/A | /system/sd/xbin/su | N/A | N/A |
| N/A | /system/bin/failsafe/su | N/A | N/A |
| N/A | /data/local/su | N/A | N/A |
| N/A | /sbin/su | N/A | N/A |
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
| File opened for read | /proc/cpuinfo | N/A | N/A |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
| File opened for read | /proc/meminfo | N/A | N/A |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.ram.memory.booster.cpu.saver
/system/bin/sh
stat /sbin/su
stat /system/bin/su
stat /system/xbin/su
stat /data/local/xbin/su
stat /data/local/bin/su
stat /system/sd/xbin/su
stat /system/bin/failsafe/su
stat /data/local/su
/system/bin/cat /proc/cpuinfo
/system/bin/cat /proc/meminfo
su
/system/bin/cat /proc/cpuinfo
/system/bin/cat /proc/meminfo
/system/bin/cat /proc/cpuinfo
/system/bin/cat /proc/meminfo
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.200.42:443 | tcp | |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | update.liteapks.com | udp |
| US | 104.26.15.148:443 | update.liteapks.com | tcp |
| GB | 216.58.204.78:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 172.217.169.34:443 | tcp | |
| GB | 142.250.180.14:443 | tcp |
Files
pipe:[38594]
| MD5 | 9741dffc57929807536ffe73e9f04b06 |
| SHA1 | 568b7bfb136600819b188c8746b055086d945831 |
| SHA256 | 38327fbcc523fc790c15ce68d7e5027090821904ab2a9a381f44dec9cf6fdba3 |
| SHA512 | 8f31e0feec22bd876095548cf3bdba13a9d12a3f885f451d869270bca85d4f47302fc0a8986394241765b319766c8322ef1186262aca89a187cbe32666c66613 |