Analysis Overview
SHA256
55aa4dcfc250ca84ca996cc5f0f05cf25ed72249776e163564af1d37cfb0b3b6
Threat Level: Likely malicious
The file 55aa4dcfc250ca84ca996cc5f0f05cf25ed72249776e163564af1d37cfb0b3b6 was found to be: Likely malicious.
Malicious Activity Summary
Removes its main activity from the application launcher
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-13 13:39
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-13 13:39
Reported
2024-03-13 13:43
Platform
android-x86-arm-20240221-en
Max time network
173s
Network
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-13 13:39
Reported
2024-03-13 13:42
Platform
android-x64-20240221-en
Max time kernel
155s
Max time network
152s
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Processes
quasar.bistrocook
Network
Files
/data/data/quasar.bistrocook/files/Config
/data/data/quasar.bistrocook/files/Timer
/data/data/quasar.bistrocook/files/Timer
/data/data/quasar.bistrocook/files/Config
/data/data/quasar.bistrocook/files/Timer
Analysis: behavioral3
Detonation Overview
Submitted
2024-03-13 13:39
Reported
2024-03-13 13:42
Platform
android-x64-arm64-20240221-en
Max time kernel
151s
Max time network
132s
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Processes
quasar.bistrocook
Network
Files
/data/user/0/quasar.bistrocook/files/Config
/data/user/0/quasar.bistrocook/files/Timer
/data/user/0/quasar.bistrocook/files/Timer
/data/user/0/quasar.bistrocook/files/Config
/data/user/0/quasar.bistrocook/files/Timer