View Issue Details

ID: 0007082
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2021-05-18 11:07
Reporter: krnick
Assigned To: sbrun
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: duplicate
Summary: 0007082: Quark-Engine - An Obfuscation-Neglect Android Malware Scoring System
Description

Quark-Engine - An Obfuscation-Neglect Android Malware Scoring System

With ideas decoded from criminal law, Quark-Engine has its unique angles for Android analysis. We developed a Dalvik bytecode loader that has taint analysis inside but also defeats the obfuscation techniques used against reverse engineering. And surprisingly, the loader perfectly matches the design of our malware scoring system.

Quark-Engine is very easy to use and also provides flexible output formats. There are three types of output reports: detail report, call graph, and summary report. With these reports in mind, you can get an overview of the high-risk behavior inside Android within seconds.

Also, by integrating with other Android analysis tools such as Ghidra, APKLAB, and Jadx, Quark-Engine can greatly improve the efficiency of reverse engineers.

Quark-Engine has already been presented at DEFCON 28 BTV and HITB Lockdown 002, and will release more features at BlackHat Asia 2021 Arsenal. Also, Quark-Engine is now integrated with many open-source tools, such as IntelOwl, BlackArch Linux, Pithus/Bazaar, and APKLAB.

We have experience (ghidraquark, APKLab) developing a feature where, when users click on one of the activities, the corresponding smali source code is highlighted for manual verification. This boosts the speed of malware analysts.

Reference:

  1. Integrating with Ghidra:
    https://github.com/quark-engine/ghidraquark
    Quick demo for the quark usage with Ghidra
    https://www.youtube.com/watch?v=VXzfFB2S4bo&ab_channel=JunWeiSong

  2. Android malware reports that use Quark-Engine for analysis:
    https://github.com/quark-engine/quark-reports

  3. Quark-Engine Rules:
    https://github.com/quark-engine/quark-rules

  4. BlackHat Asia 2021 Arsenal
    https://www.blackhat.com/asia-21/arsenal/schedule/index.html#quark-engine-storyteller-of-android-malware-22458

  5. DEFCON 28 BTV
    https://www.youtube.com/watch?v=XK-yqHPnsvc&ab_channel=DEFCONConference

  6. HITB Lockdown 002
    https://conference.hitb.org/hitb-lockdown002/sessions/quark-engine-an-obfuscation-neglect-android-malware-scoring-system/

Relationships

duplicate of 0007121 (resolved, sbrun): Quark-Engine - An Obfuscation-Neglect Android Malware Scoring System

Activities

g0tmi1k

2021-03-26 13:32

administrator   ~0014397

@kali-team, please could this be packaged up?
@author, if you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging

krnick

2021-03-29 07:54

reporter   ~0014403

Thank you, Kali Linux team, for the acceptance of quark-engine. I'd love to work on the packaging.

Issue History

Date Modified Username Field Change
2021-03-09 03:47 krnick New Issue
2021-03-26 13:32 g0tmi1k Note Added: 0014397
2021-03-26 13:33 g0tmi1k Status new => acknowledged
2021-03-26 13:33 g0tmi1k Category New Tool Requests => Queued Tool Addition
2021-03-26 13:33 g0tmi1k Product Version kali-dev =>
2021-03-29 07:54 krnick Note Added: 0014403
2021-03-30 03:09 Erika carpenter Issue cloned: 0007121
2021-04-20 15:13 sbrun Relationship added duplicate of 0007121
2021-04-20 15:13 sbrun Assigned To => sbrun
2021-04-20 15:13 sbrun Status acknowledged => closed
2021-04-20 15:13 sbrun Resolution open => duplicate
2021-05-18 11:07 g0tmi1k Category Queued Tool Addition => New Tool Requests