General

Target: roblox.apk
Size: 8.1MB
Sample: 241217-xf5dyavjfz
MD5: 6e72361ae6f3ea5d81cbc849f769eb7c
SHA1: 8d0db9fd35f46ad1d9b0a9419decef00f818a80c
SHA256: 271dc6629d6d79b485a62afd39f60383233fc8d4dff1cf9b9b6abd895323eed7
SHA512: 09d2dc9a71912cf66de2d2526fae230738a5a5163f69233af964b8becd1356fcad62f8003473a75e3f60898a34bf71b9f970cc7ae55700b56d05c4c7e924ad97
SSDEEP: 196608:Z8UO6unY5BKpk1vJp7J77dq8LoZVCVTp6Jwn:acunY31RBBd/LoXCVTp6c

Behavioral task: behavioral1
Sample: roblox.apk
Resource: android-33-x64-arm64-20240910-en

Malware Config
Targets
Target: roblox.apk
Score: 8/10

Checks if the Android device is rooted.

Checks known Qemu files.
Checks for known Qemu files that exist on Android virtual device images.

Checks known Qemu pipes.
Checks for known pipes used by the Android emulator to communicate with the host.

Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.

Acquires the wake lock

Checks the application is allowed to request package installs through the package installer
Checks the application is allowed to install additional applications (might try to install applications from unknown sources).

Queries information about active data network

Checks the presence of a debugger

MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime (1)
Subvert Trust Controls (1)
Code Signing Policy Modification (1)
Virtualization/Sandbox Evasion (2)
System Checks (2)