Analysis Overview
SHA256
55aa4dcfc250ca84ca996cc5f0f05cf25ed72249776e163564af1d37cfb0b3b6
Threat Level: Likely malicious
The file 55aa4dcfc250ca84ca996cc5f0f05cf25ed72249776e163564af1d37cfb0b3b6 was found to be: Likely malicious.
Malicious Activity Summary
Removes its main activity from the application launcher
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-13 14:38
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-13 14:38
Reported
2024-03-13 14:41
Platform
android-x86-arm-20240221-en
Max time kernel
145s
Max time network
140s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
quasar.bistrocook
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | acal.acalaman.com | udp |
| PL | 51.75.52.77:80 | acal.acalaman.com | tcp |
| GB | 142.250.187.206:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 172.217.169.10:443 | N/A | tcp |
Files
/data/data/quasar.bistrocook/files/Config
| MD5 | 485c7215a9f9a6b5741025e7250c4617 |
| SHA1 | a1698cd0a75051c9ccccc5dfdb4d3f67f5a0ee00 |
| SHA256 | da202202283002827776330a5edc24aba804fb348998a6fe7b2b6a4caf3969c5 |
| SHA512 | d41cb53647ded58c58b8641ddbc6f7b560b9f5f6b30f968ebf194d67f5f053b4639cd2eb04661d78161d0f908cd5903d4fbfc662b6cf0246f3e1cb357c946432 |
/data/data/quasar.bistrocook/files/Timer
| MD5 | 2d57f34a0ddd427052e4d13d8457f9b7 |
| SHA1 | ae1a85d092aebd23f2aaaa41ba9379dbb07f09bd |
| SHA256 | 54fed8177efccf7acfabd387724ba4e160d59864f870446ebe98681de731ee76 |
| SHA512 | 911f75b5b0ba0ecee5b9c6162cc928f8dcca33ed02bc5a82f8249abc34eeb5325330dcc7e314d9cf8e51f7e5df965864e8736b0466f2b816dcb2707189b40e88 |
/data/data/quasar.bistrocook/files/Timer
| MD5 | 71cff3318468bd7b4429cb0326e4b205 |
| SHA1 | 9789813fcd9c44e5e8fd7f5b2b828983f71e3183 |
| SHA256 | 7551cb022726842cc5eb505253a9332264aa7bc990700aedbf2211713c870ca9 |
| SHA512 | d8bba136d8a04a119f883de8c37f3e5d8e836c26546943bf81227834a66cfff453fa6f0bc5da9af34bfd5dc2481e06ff68a359dab681dddab5a08e90f802569f |
/data/data/quasar.bistrocook/files/Config
| MD5 | 06606258c71825bbe3f53d5373df533e |
| SHA1 | 4fd15bcebad5929d527d8d21aa8a328d5dabbb63 |
| SHA256 | bebfffdfc7d2ed055f04f059f89a62596450cb1a92827e1506716f7be13768f1 |
| SHA512 | e149197b6287d3697a771ee4ae9ac7b1e78c004dfe273163dcdf1a7cd3c0593b6664ce4cda7c8cb440b40dd05e7ee0fc05dfe02e2c5bda1fb39683022363eee8 |
/data/data/quasar.bistrocook/files/Timer
| MD5 | 9a6b48f0031365ef79b8f8c80d49d192 |
| SHA1 | 45eaf359cb6b2d2bc7b23784a55a4fd20a11888d |
| SHA256 | c4dc5f7d7126760fca3532a3817582234424d59652c7b9d3c041bbbce1544ed7 |
| SHA512 | 863189a2b6360cbb6abecf6da5ee3ec50d5ec63272dd54251cc8c6a35c268ee214347dc991424c7750ba8919d66e7dc594d7c4de01066a620284cd6c9e5f6a73 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-13 14:38
Reported
2024-03-13 14:41
Platform
android-x64-20240221-en
Max time kernel
150s
Max time network
136s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
quasar.bistrocook
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 1.1.1.1:53 | acal.acalaman.com | udp |
| PL | 51.75.61.103:80 | acal.acalaman.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.46:443 | N/A | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| GB | 216.58.212.228:443 | N/A | tcp |
| GB | 216.58.212.228:443 | N/A | tcp |
Files
/data/data/quasar.bistrocook/files/Config
| MD5 | 3272a7288219082a5971c90000518c7a |
| SHA1 | 7add6bfc142ff809d9a0370c29cf4f37bc713041 |
| SHA256 | 4a207510188b773689aadb3f39c257be0be755c7f1c7e437bfeba925495f956d |
| SHA512 | 85229466674da864279c56a1d12d150a0a01afe2354c2ac17d66648c5561169ba0b28bb6643f1c14ff5db5619d79bddf7a8789b3ef52139fa98ba8a8ef9bd080 |
/data/data/quasar.bistrocook/files/Timer
| MD5 | 89508be40b540c3987c1371387692adf |
| SHA1 | 30853c20aff54a79b64bfe98016b2a8b0ac46837 |
| SHA256 | 571ee8dd9b150873d64a392eb52f79f751fbdbeeacd7a8bb8fed8445afafddfd |
| SHA512 | fad85ef142787214dd951cbbb639a338602eb1b49e6af74416716ea8272150635a3d4cef2b678f79134e4c2c3ac514bcd5dab2773e200fa647252214fe0391d2 |
/data/data/quasar.bistrocook/files/Timer
| MD5 | dcecf3f39de93d95985461fcf8ff5b6a |
| SHA1 | 7fa36710904a5e8bbbdb03dde817e87342592a6b |
| SHA256 | 9f45fa8a5630b146e69a5bc329cee9cb0468707149faf45d222b861d326352a8 |
| SHA512 | c84b597bd06029c44b8cf4f7e4c3acc9b87ff23cc018a13b6ce615297a406d172e9b3817a4a09d45eef5c42b4be9175791012510c897b3aa89633438fb82307c |
/data/data/quasar.bistrocook/files/Config
| MD5 | 0e512f806ffeae26a97e82695a637705 |
| SHA1 | 240a7e3b052b104e1519846d9cae95893f5ea79c |
| SHA256 | cdd63311ff29911b3f6d509ceef51dbb9107c704b7d3d15d415d72c56594fb87 |
| SHA512 | eeed24d286acf47a82ec3fb5c7e775d3a8c7449c953f91f5a14f5429c94daed3baa782b7629f9e884d71c6e5217314d3f6ca90c162f6f8e58c03a1a549754796 |
/data/data/quasar.bistrocook/files/Timer
| MD5 | 6d9204f20a1fce06cf501a677c211743 |
| SHA1 | eafb77cfd010daa466f098bb46fe0ed3963e4280 |
| SHA256 | 7bac7ba505ee25bbdae57a984dbd59834cb6d14d56273e96af6b5f34516d310b |
| SHA512 | afd24a7c40e8a4f292751432f4a69c55c74d73dd548c8b3966614e7f2005bfafb64322fd74d17a1afb9a8b81d696dd9008729392e155c05971c52d2a34012d82 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-03-13 14:38
Reported
2024-03-13 14:41
Platform
android-x64-arm64-20240221-en
Max time kernel
150s
Max time network
132s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Processes
quasar.bistrocook
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.200.46:443 | N/A | tcp |
| GB | 142.250.200.46:443 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 172.217.169.46:443 | N/A | udp |
| US | 1.1.1.1:53 | acal.acalaman.com | udp |
| PL | 51.75.52.77:80 | acal.acalaman.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.213.8:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.212.228:443 | N/A | tcp |
| GB | 216.58.212.228:443 | N/A | tcp |
Files
/data/user/0/quasar.bistrocook/files/Config
| MD5 | 3b68942dfdd6140142d07eb624a13661 |
| SHA1 | 3b9b27b8102c54cd1cc99034e9d8ca67c6648632 |
| SHA256 | 4d5e7d3249f3e13a32dfadd36d37ce4f5a311b0005c82dde810e42e5b427bcfc |
| SHA512 | 0e87f2826ecb2329c109e76bea1724d366b875707ea1063aef00507ddaa832d58e3ae85f556d46760c9e645e0b66bfcb60c929dd05abecead01b678d98637b76 |
/data/user/0/quasar.bistrocook/files/Timer
| MD5 | c477021bcaf3bb3e7af8a7efde7a254e |
| SHA1 | d5efc619530714ddd9ef53b98b15088a4709c929 |
| SHA256 | 233a5a1ebdbd6aca125d565fa5c2f99671846b364ccdb5cfd4c83d427ace3192 |
| SHA512 | b532f1be249c5845b7cd59190eb2c0c9455f5d28595ee5c92d6a7bf0f310b91abac18bab3b9e7d498fb64ed07bfd6454b624188ac27ec24a9b2afb8986a43cb7 |
/data/user/0/quasar.bistrocook/files/Timer
| MD5 | 8bacb6a3c986153764cba39d64ef2595 |
| SHA1 | 7e7f8c891717213d6a0f1fc5f81cee6c3f3678c4 |
| SHA256 | 782568a8a99493e7d70757fdcb60832f50db84ea39da171c0d65a0a801379938 |
| SHA512 | fe5bac11d5638ccde32aa9a5eccb455e190621b5243487f0963c35bad6c485c69c91ca5bea29bd3f185e4d3abfcec6a0776a5c6136042cc4b6eb5fb4c4f48422 |
/data/user/0/quasar.bistrocook/files/Config
| MD5 | c030b76c879062e3c7e8b2565bdbe20c |
| SHA1 | bfb5930198265af3fbb461c2ed0aa65a330924d9 |
| SHA256 | 0fd31cd29ee1f00179afda5426e3aacf3baa84cb5bbe0e0ed3fdf8fa96bf486c |
| SHA512 | fd2ab3ea59a555ffca1c4d96c5dc2ee9bb8f9faeca4bdff10cee5741a507e7d35ef37f61fd03f0365747b3bfc0f1d41fd974627cc65dfeca945d46dec479e4a5 |
/data/user/0/quasar.bistrocook/files/Timer
| MD5 | a7f8a979589f1e131b8571026d6a340a |
| SHA1 | 11a432f767c290554dd1cde94cd2c844a0a9586c |
| SHA256 | 6732405dcbd7742db10648bf6a6bbbdb3dc545b4f2a2c8a4034bf0a54d9f6bb6 |
| SHA512 | eebe003ea7e7eb5fcc3df871c341cb889ba48fe1a7c169e61f7247a1afb8247382309fcf51f7d241d89dff55bf6dd1b570cf0874b9839f7ebcc09934ee4210b4 |