Quark Report

Easy to Use and Intuitive Report

Quark provides 7 flexible report formats to boost your analysis.

Please see below for more details.

Summary Report

Examine with rules.

quark -a 14d9f1a92dd984d6040cc41ed06e273e.apk -s

You can filter the rules by a single label:

quark -a 14d9f1a92dd984d6040cc41ed06e273e.apk -s network

You can also select a single rule:

quark -a 14d9f1a92dd984d6040cc41ed06e273e.apk -s <path_to_the_rule>

https://i.imgur.com/v7ehRW0.png

Note that if you want to select the default rules of Quark, the path to the ruleset is $HOME/.quark-engine/quark-rules/rules/.

Detail Report

This is how we examine a real Android malware sample (candy corn) with a single rule (crime).

quark -a 14d9f1a92dd984d6040cc41ed06e273e.apk -d

You can filter the rules by a single label:

quark -a 14d9f1a92dd984d6040cc41ed06e273e.apk -d network

You can also select a single rule:

quark -a 14d9f1a92dd984d6040cc41ed06e273e.apk -d <path_to_the_rule>

https://i.imgur.com/LFLFpvc.png

Note that if you want to select the default rules of Quark, the path to the ruleset is $HOME/.quark-engine/quark-rules/rules/.

Web Report

With the following command, you can easily analyze the Android sample and output the web report. See our demo here.

quark -a sample.apk -s -w quark_report.html

https://i.imgur.com/fNc3mC0.jpg

Label-based Report

Check which topic (indicated by labels) of the malware is more aggressive.

quark -a Ahmyth.apk -l detailed

https://i.imgur.com/0GbBDfn.png

Behaviors Comparison Radar Chart

With the following command, you can compare different APK actions based on the max confidence of rule labels and generate a radar chart.

quark -a first.apk -a second.apk -C

https://i.imgur.com/ClRWOei.png
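
How a per-label maximum turns per-rule confidences into comparable radar axes, as an added example that is not Quark's own code. The tuple layout, rule names, labels and confidence values are constructed for illustration, and plotting 0 for a label with no matching rule is an assumption.

```python
from collections import defaultdict

# Constructed per-rule results: (rule name, labels, confidence in percent).
# This layout is an assumption for the example, not Quark's report schema.
FIRST_APK = [
    ("rule_a", ["network", "collection"], 100),
    ("rule_b", ["network"], 60),
    ("rule_c", ["sms"], 80),
    ("rule_d", ["location"], 40),
]
SECOND_APK = [
    ("rule_a", ["network", "collection"], 40),
    ("rule_c", ["sms"], 100),
    ("rule_e", ["camera"], 100),
]


def label_max_confidence(results):
    """Map each label to the highest confidence of any rule carrying it."""
    best = defaultdict(int)
    for _rule, labels, confidence in results:
        for label in labels:
            best[label] = max(best[label], confidence)
    return dict(best)


def radar_axes(*apk_results):
    """Build one shared, sorted axis list and one value series per APK.

    A label that no rule matched in an APK gets 0 (assumption) so that
    every series has a value on every axis.
    """
    per_apk = [label_max_confidence(r) for r in apk_results]
    axes = sorted(set().union(*per_apk))
    series = [[scores.get(label, 0) for label in axes] for scores in per_apk]
    return axes, series


def diverging_labels(axes, series, threshold=40):
    """Labels where two APKs differ by at least `threshold` points."""
    first, second = series
    return [a for a, x, y in zip(axes, first, second) if abs(x - y) >= threshold]


if __name__ == "__main__":
    axes, series = radar_axes(FIRST_APK, SECOND_APK)
    for label, x, y in zip(axes, *series):
        print(f"{label:<12}{x:>5}%{y:>5}%")
    print("diverging:", diverging_labels(axes, series))
```
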

Call Graph

Add the -g option to the quark command to get the call graph (only for rules that match with 100% confidence).

quark -a Ahmyth.apk -s -g

https://i.imgur.com/5xcrcdN.png

Rule Classification

Add the -c option to the quark command to output the rule classification with the mutual parent function (only for rules that match with 100% confidence).

quark -a Ahmyth.apk -s -c

https://i.imgur.com/YTK8V1x.png