daa8d41db8b17c2a107d17fe15cd5a310142bf8c62d6177bffdecefcd7522765

Analysis

max time kernel
175s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
24-05-2024 12:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

daa8d41db8b17c2a107d17fe15cd5a310142bf8c62d6177bffdecefcd7522765.apk
Size

1.9MB
MD5

1cdadc772cf659725cb2f8a2bb9a9d89
SHA1

69dd08febb44efe9c0d2393e4f6cbce131bc0c35
SHA256

daa8d41db8b17c2a107d17fe15cd5a310142bf8c62d6177bffdecefcd7522765
SHA512

3a2cce05c3dbe24be404976092ce99ff7596a0566cc4fb311d97b1b5062c4aeb3cbe088b08eab85eddb5c1f1b2a415cac3d581405adb20d24671b4acc9dc7f57
SSDEEP

24576:Qok/Boh8Y78QDuqTWqRQ4kQQOVa6ox7nPWgYJWrwkc7OhpMjg4OFgiWV7r+tmX9W:Qokpoh8Qr/TRxC8YMJ0VrOpLh+tmUeS

Score

7^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

quasar.bistrocook

description ioc process

File opened for read /proc/meminfo quasar.bistrocook
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

T1407

Processes:

quasar.bistrocook

ioc pid process

/data/user/0/quasar.bistrocook/files/bdbfefb6.dex 4687 quasar.bistrocook
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

T1414

T1641.001

Processes:

quasar.bistrocook

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener quasar.bistrocook
Acquires the wake lock 1 IoCs

Processes:

quasar.bistrocook

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock quasar.bistrocook
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

quasar.bistrocook

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo quasar.bistrocook

description	ioc	process
File opened for read	/proc/meminfo	quasar.bistrocook

ioc	pid	process
/data/user/0/quasar.bistrocook/files/bdbfefb6.dex	4687	quasar.bistrocook

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	quasar.bistrocook

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	quasar.bistrocook

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	quasar.bistrocook

quasar.bistrocook
1⤵
- Checks memory information
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Acquires the wake lock
- Checks if the internet connection is available
PID:4687

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/quasar.bistrocook/files/BGEaUZrY
Filesize
471B

MD5
6e04afac108fdb188ca22bdd3992c39c

SHA1
590aec486ce001deb717f0e3fd937515d291e50c

SHA256
92b49c114aa7befa28a77c88d3e133a6a8564d72ff9bbfcd995c4efca1027b74

SHA512
f757c9f01156db6af0aff3a05b6619b02e28116b7f8ab219d98c1e6a97d6eaf44189be9b37514197a8ca86f538c6b22e4ce20e3aabbf34121fac836901bb3376

Download Submit
/data/user/0/quasar.bistrocook/files/BGEaUZrY
Filesize
725B

MD5
2ccf6e15eba2fa4394d7a3659f2b54ea

SHA1
7f059d2742263695d2961b14177ea0e832a698f4

SHA256
f35680cc22704edef1d6426ecac454c9e11400ac7c5fa4d3452b52bf9af107e7

SHA512
37d2b075ef6ff8181766a8c220994ef6c166c4d9e180836da4be931209f5d13d8d808ed98e7068cf67030101ecfe2767c058b21571e71f2fc66b8ecb13ceb650

Download Submit
/data/user/0/quasar.bistrocook/files/TrPJFdsN
Filesize
336B

MD5
4e3d033ebc84692d861afd47ba0e5fc3

SHA1
2e2e3de5218fba28712913600562f7f47fdc9edb

SHA256
9c078d31bdc9e5712b2a16e5bdcdd3acfd37a5c7404d968bea082875ca3d7682

SHA512
99ea59df672ab1d51310b4ef74f29d5ea3b6acf6e625692a361820a642dc3129a76df345a61fb05c13c04156af082a947d02b8e9924add48487a057ebe791d14

Download Submit
/data/user/0/quasar.bistrocook/files/TrPJFdsN
Filesize
336B

MD5
77b56dfec4db5c5ba0dea65df4bcb42e

SHA1
0eec432d45c42a5616d72c8ada66ad713d36ba87

SHA256
922f28abca9cd2ab793ec673573e664bae7dec4b748fa75722c32f4df48317b1

SHA512
0e85e462372983387a7613e1f37dc8151c220bc7ac31fe0d554f91f5ef33ab83651d51ef777324f738cc1970a05eaf774c1d216b655534e8425de4fd153d1f48

Download Submit
/data/user/0/quasar.bistrocook/files/TrPJFdsN
Filesize
336B

MD5
de38223877985d52bee26f58bcaf7eca

SHA1
2f637d4d52cb5fdb4276d0ca33c1c7af0f13c705

SHA256
f262e8296ebe9928df3e983dd356812dd218f9a652d4252a60cb348e89e2b6c2

SHA512
1600c8026d02ec672e07cc1a5a16e99937b51fa7d14e28914745050c9606f3452cf990d697e780960ad450e2c52fc56333451c573caada178b89d95ab69b552e

Download Submit
/data/user/0/quasar.bistrocook/files/bdbfefb6.dex
Filesize
261KB

MD5
41b8243edb9b9dde73ab207644e7e53b

SHA1
675de278447f6b585eba1db7460e599a30596d46

SHA256
14df0943e0c93d98b078e8bb6557ad887781f0337e54250184a8df5ff22e61ea

SHA512
9e86bfd169cc48e2b0a917884d38ed79bc0975420effaf336f1255cd61349b02a78a601e23722a7b2178578a73a23d8881872cbe619b6d58e84b48a43955117e

Download Submit
/data/user/0/quasar.bistrocook/files/bdbfefb6.dex
Filesize
614KB

MD5
2c7772a4236490f59e7f642a7a3a4cd4

SHA1
2e2bfb350a98af968a284a971751abaf99678d9f

SHA256
3a79a298753fce30d4a773d80e4ecba6a90149d201aaaba56ea0edba3be541a6

SHA512
1ac26087b78da22a346597bd86b9a1cffa467c3f90aa0e22e9fc2528e7bfeaee48f4cf16a4a364053125da851d347613afcff78277dbc2752aaba52be9f67e89

Download Submit
/data/user/0/quasar.bistrocook/no_backup/com.google.InstanceId.properties
Filesize
2KB

MD5
2a91d8738dc0ee1763bd9b1ee6e109e5

SHA1
36d114de551f4dc7b4cdfd61c57aab47fb2c0b22

SHA256
c180ac79fc2ae43c2aaccef34b75c20882dd5e33bc7d2b7714f7a0aa3b49ee15

SHA512
45d7592a7c313f673f6a3d9558d5456d5e4f3b61664a8e69a1be6c42222ea5bc4ee7167167f2290c5cc61cfc14b6b71912d125d9024f82368a533d998772d8c4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads