daa8d41db8b17c2a107d17fe15cd5a310142bf8c62d6177bffdecefcd7522765

General

Target

daa8d41db8b17c2a107d17fe15cd5a310142bf8c62d6177bffdecefcd7522765.apk
Size

1.9MB
MD5

1cdadc772cf659725cb2f8a2bb9a9d89
SHA1

69dd08febb44efe9c0d2393e4f6cbce131bc0c35
SHA256

daa8d41db8b17c2a107d17fe15cd5a310142bf8c62d6177bffdecefcd7522765
SHA512

3a2cce05c3dbe24be404976092ce99ff7596a0566cc4fb311d97b1b5062c4aeb3cbe088b08eab85eddb5c1f1b2a415cac3d581405adb20d24671b4acc9dc7f57
SSDEEP

24576:Qok/Boh8Y78QDuqTWqRQ4kQQOVa6ox7nPWgYJWrwkc7OhpMjg4OFgiWV7r+tmX9W:Qokpoh8Qr/TRxC8YMJ0VrOpLh+tmUeS

Score

7^/10

collection credential_access discovery evasion impact persistence

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

quasar.bistrocook

description ioc process

File opened for read /proc/meminfo quasar.bistrocook
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

quasar.bistrocook

ioc pid process

/data/user/0/quasar.bistrocook/files/bdbfefb6.dex 5329 quasar.bistrocook
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

quasar.bistrocook

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener quasar.bistrocook
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
discovery

T1422

Processes:

quasar.bistrocook

description ioc process

Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone quasar.bistrocook
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

quasar.bistrocook

description ioc process

Framework service call android.app.IActivityManager.registerReceiver quasar.bistrocook
Acquires the wake lock 1 IoCs

Processes:

quasar.bistrocook

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock quasar.bistrocook
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

quasar.bistrocook

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo quasar.bistrocook

description	ioc	process
File opened for read	/proc/meminfo	quasar.bistrocook

ioc	pid	process
/data/user/0/quasar.bistrocook/files/bdbfefb6.dex	5329	quasar.bistrocook

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	quasar.bistrocook

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	quasar.bistrocook

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	quasar.bistrocook

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	quasar.bistrocook

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	quasar.bistrocook

quasar.bistrocook
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:5329

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/quasar.bistrocook/files/BGEaUZrY
Filesize
471B

MD5
5cb9c565bce657226e3261c7f619d4f2

SHA1
ff3b2b7e212bda3f9fbd59083d0f5b5aee740fb2

SHA256
d5cf91809ee37661a2efee44083601503706f2c61e3bef1ca426e8893b05b8d8

SHA512
539496eb7bb2bc7abb2abdec9acc4ea53290021fe2fba86bb429931519f2c7b018469c615cbac4aec78a3e45d55495ab6056d95c0d1bfc09a4162798bec02b03

Download Submit
/data/data/quasar.bistrocook/files/BGEaUZrY
Filesize
725B

MD5
dbf3143e9bf3ad44b46f3b3cebbd10f8

SHA1
68dbd694a03eda5fcc60da267ed442bee1c762e4

SHA256
6d4c8f0442a24e15aa1d92c8f648ef4b6485bff7d46c5a16a1d8db26dee0162e

SHA512
b56276772a158ca6437373c04bd9e5ee619b8c5f6de72a30ca9094fabe09a5a70fd20be3e424e7c095fc6a11cbda59169610d7c7622997dc2d1105b6554801a6

Download Submit
/data/data/quasar.bistrocook/files/TrPJFdsN
Filesize
336B

MD5
f18e795c884d82ea168b02b4ccb8ed1b

SHA1
d92db564938225ba463bb667c5f6963ed1e0a4a6

SHA256
bc1f5ef16449dae1348473a5ebf18f1a1696a161c0c1d04580189ef35c17ebde

SHA512
c6b51d0e57f4f829e2d8eb4b89094b6fda65a11927a7f2e68a9105a26db7225d0737cc5ea6c8e8ae8fd16a6ee32035fadbcba80457a902a88fa017b03db92f00

Download Submit
/data/data/quasar.bistrocook/files/TrPJFdsN
Filesize
336B

MD5
12884584997963fc4fcc59fd80593056

SHA1
33d6c65883af3148e80c7480ead71339a6812ada

SHA256
2e4616243306e6f677b1fe88de26208acfd298537869506e86e480d6ff2f2389

SHA512
46be0437fd0c6bf333bf2a47ca27e1adf28bdcd647f6a1bb33f2098338dae4aa3e1590a5e5687a8bdf32434d77ec7d209af70f4ae308ad8a178a2ef7349c91b9

Download Submit
/data/data/quasar.bistrocook/files/TrPJFdsN
Filesize
336B

MD5
cfd935be78594e68939503f8e0e4a0d5

SHA1
6808b5dabb9030cb616ec63319943d995d53805c

SHA256
fb8fda815d1e7fe620d1c8f32f133e99aea2d2a1ac9f2d6c5a7124402f163f22

SHA512
8e74aa0817bcc9efdefef2253de9133d136c63ee8856959513ba5f7a9d81246cedda26c3357cd35f3daded34c52ec74cb9171953ce759d3bf7fefaa4cce5e6cb

Download Submit
/data/data/quasar.bistrocook/files/bdbfefb6.dex
Filesize
261KB

MD5
41b8243edb9b9dde73ab207644e7e53b

SHA1
675de278447f6b585eba1db7460e599a30596d46

SHA256
14df0943e0c93d98b078e8bb6557ad887781f0337e54250184a8df5ff22e61ea

SHA512
9e86bfd169cc48e2b0a917884d38ed79bc0975420effaf336f1255cd61349b02a78a601e23722a7b2178578a73a23d8881872cbe619b6d58e84b48a43955117e

Download Submit
/data/data/quasar.bistrocook/no_backup/com.google.InstanceId.properties
Filesize
2KB

MD5
f1412aa74bbdfd64f22a4f0dae847f26

SHA1
385d98d41f5fb75ee50fa10b4e131dbc4596459d

SHA256
dc8aced4b33efa660f78e28f178e2947d120a9cd5e3789296598b20b0ba15f5e

SHA512
28f2adffc454470a9d597084cb252816a4a3e9aaf0452070342f3c69f6f16eea629d63195349d3e1309959a256f331c0eac4bab4d0d6f2b1cce5f93604038259

Download Submit
/data/user/0/quasar.bistrocook/files/bdbfefb6.dex
Filesize
614KB

MD5
2c7772a4236490f59e7f642a7a3a4cd4

SHA1
2e2bfb350a98af968a284a971751abaf99678d9f

SHA256
3a79a298753fce30d4a773d80e4ecba6a90149d201aaaba56ea0edba3be541a6

SHA512
1ac26087b78da22a346597bd86b9a1cffa467c3f90aa0e22e9fc2528e7bfeaee48f4cf16a4a364053125da851d347613afcff78277dbc2752aaba52be9f67e89

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads