Overview

overview

7

Static

static

6

daa8d41db8...65.apk

android-9-x86

7

daa8d41db8...65.apk

android-10-x64

7

daa8d41db8...65.apk

android-11-x64

7

Analysis

  • max time kernel
    176s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    24-05-2024 12:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    daa8d41db8b17c2a107d17fe15cd5a310142bf8c62d6177bffdecefcd7522765.apk

  • Size

    1.9MB

  • MD5

    1cdadc772cf659725cb2f8a2bb9a9d89

  • SHA1

    69dd08febb44efe9c0d2393e4f6cbce131bc0c35

  • SHA256

    daa8d41db8b17c2a107d17fe15cd5a310142bf8c62d6177bffdecefcd7522765

  • SHA512

    3a2cce05c3dbe24be404976092ce99ff7596a0566cc4fb311d97b1b5062c4aeb3cbe088b08eab85eddb5c1f1b2a415cac3d581405adb20d24671b4acc9dc7f57

  • SSDEEP

    24576:Qok/Boh8Y78QDuqTWqRQ4kQQOVa6ox7nPWgYJWrwkc7OhpMjg4OFgiWV7r+tmX9W:Qokpoh8Qr/TRxC8YMJ0VrOpLh+tmUeS

Score
7/10
discoveryevasionpersistence

Malware Config

Signatures

  • Checks memory information 2 TTPs 1 IoCs

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

    evasion
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Acquires the wake lock 1 IoCs
  • Checks if the internet connection is available 1 TTPs 1 IoCs
    discovery

Processes

  • quasar.bistrocook
    1⤵
    • Checks memory information
    • Loads dropped Dex/Jar
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Acquires the wake lock
    • Checks if the internet connection is available
    PID:4392
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/quasar.bistrocook/files/bdbfefb6.dex --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/quasar.bistrocook/files/oat/x86/bdbfefb6.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4457

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/quasar.bistrocook/files/BGEaUZrY
    Filesize

    724B

    MD5

    7266bfeacf1bff945d158ece87bd34cf

    SHA1

    fdf84d34343a323c4cfe127c3d84c849004c0442

    SHA256

    46951401e36fbe078a90d81ffb28369499adf54490d9f288ac95d1dc74ed6ddf

    SHA512

    a341533638953cfd03a8f2d93d5064748defa816c0a16bc10022cadadb0a86c15b11866165f69ad60234602d0cc6a8ef7b9053fb9aa7a012bfb923a40795b630

    Download Submit
  • /data/data/quasar.bistrocook/files/BGEaUZrY
    Filesize

    470B

    MD5

    927e7f9b9f8a51c251286d48569c7932

    SHA1

    4d388db0838ccdb83f0380ee7e18c9772862e91c

    SHA256

    608e20d587371fc897a5e542d1a6a43bf4c76d80576d8e6e023e70add325211d

    SHA512

    96b08dc4c8594c7f5b7efbf1be5387892b2a52a4dbd8b8edc6b5e4a47866ce03324764c876865070f803997ae3344b08af069f59e61df3d5341837d1e0046afe

    Download Submit
  • /data/data/quasar.bistrocook/files/TrPJFdsN
    Filesize

    336B

    MD5

    134ae7f86715ffcf627cf20eb02319e8

    SHA1

    a40563ea5533d152c964ab3a9e353ba1995f32dc

    SHA256

    ab6fa29f3270ca1f44c82f3e1fa1bd7c7de25ed55b1fd258a6283261831bcb7a

    SHA512

    3eaa5409c1bc1158a4622f3f9e35a06734d6cdfc6159392493002e7ad0a497bcb3af455c902dc9da469935ae3f8ce53cd30d2d30d293911e0ebb26af0d52d831

    Download Submit
  • /data/data/quasar.bistrocook/files/TrPJFdsN
    Filesize

    336B

    MD5

    377dbf936cbfa46f866f06f7a8898ee6

    SHA1

    fcb02a23dc8f4b5cfd4ddede0b333762eddaacf9

    SHA256

    7be291719b9c992055a91913aea0d91bf4961870550e732b6403797cf3798ae4

    SHA512

    a6a53bbd444068dc97692dd25e60321466d9c9317656ac724e18f2635dfff0369cddcdba111de044086d5012ecc304c96cb1e0292fe1dd46b115b3c752485b6f

    Download Submit
  • /data/data/quasar.bistrocook/files/TrPJFdsN
    Filesize

    336B

    MD5

    1d4b69c0a991afe9dd113fe5a358f683

    SHA1

    119bbfb5f2ee6bd1021c83bfa6dce5248d4e4b76

    SHA256

    853c1e7d323a96f9a6f134b3ae8d1993396bcda614304793332df5a287faf712

    SHA512

    2ef4398f0e29e7cb726236b8b404cf20d98f2407afc5eec6460d41379f4549406c75edfff6e1d95b73f1984200d68f901e57104d7bf9e1a5be922ad2b6f8264c

    Download Submit
  • /data/data/quasar.bistrocook/files/bdbfefb6.dex
    Filesize

    261KB

    MD5

    41b8243edb9b9dde73ab207644e7e53b

    SHA1

    675de278447f6b585eba1db7460e599a30596d46

    SHA256

    14df0943e0c93d98b078e8bb6557ad887781f0337e54250184a8df5ff22e61ea

    SHA512

    9e86bfd169cc48e2b0a917884d38ed79bc0975420effaf336f1255cd61349b02a78a601e23722a7b2178578a73a23d8881872cbe619b6d58e84b48a43955117e

    Download Submit
  • /data/data/quasar.bistrocook/no_backup/com.google.InstanceId.properties
    Filesize

    2KB

    MD5

    9ac0e6998af36cec6c473417b8fd77d8

    SHA1

    3acff80c4357249ad05d024ed484568d1a55b026

    SHA256

    7bf2334bc1ef47e4a36a2d1f697ce0325460ebacd8ce3b05e11503b5556e29d8

    SHA512

    676fbb57e35ea0bc6e8831e2074897d1c4d19099eb556cebbcc096df7032de1b0c5d38bd27da8b820137410091ad27fec17164cea5b017af41a8494d19557a1c

    Download Submit
  • /data/user/0/quasar.bistrocook/files/bdbfefb6.dex
    Filesize

    614KB

    MD5

    2c7772a4236490f59e7f642a7a3a4cd4

    SHA1

    2e2bfb350a98af968a284a971751abaf99678d9f

    SHA256

    3a79a298753fce30d4a773d80e4ecba6a90149d201aaaba56ea0edba3be541a6

    SHA512

    1ac26087b78da22a346597bd86b9a1cffa467c3f90aa0e22e9fc2528e7bfeaee48f4cf16a4a364053125da851d347613afcff78277dbc2752aaba52be9f67e89

    Download Submit