Quark Report
Easy to Use and Intuitive Report
Quark provides 7 flexible report formats to boost your analysis.
Please see below for more details.
Summary Report
Examine with rules.
quark -a 14d9f1a92dd984d6040cc41ed06e273e.apk -s
You can filter the rules by a single label:
quark -a 14d9f1a92dd984d6040cc41ed06e273e.apk -s network
You can also select a single rule:
quark -a 14d9f1a92dd984d6040cc41ed06e273e.apk -s <path_to_the_rule>
Note that if you want to select the default rules of Quark, the path to the ruleset is $HOME/.quark-engine/quark-rules/rules/.
Detail Report
This is how we examine a real Android malware sample (candy corn) with a single rule (crime).
quark -a 14d9f1a92dd984d6040cc41ed06e273e.apk -d
You can filter the rules by a single label:
quark -a 14d9f1a92dd984d6040cc41ed06e273e.apk -d network
You can also select a single rule:
quark -a 14d9f1a92dd984d6040cc41ed06e273e.apk -d <path_to_the_rule>
Note that if you want to select the default rules of Quark, the path to the ruleset is $HOME/.quark-engine/quark-rules/rules/.
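To find which rule file to pass as <path_to_the_rule> for -s or -d, the following added example (not part of Quark or of the original page) lists the rules in a ruleset directory that carry a given label and builds one quark command per rule. It assumes each rule is a JSON file with a "crime" string and a "label" list; the function names and the sample rules are constructed for illustration.

```python
import json
import os
import tempfile
from pathlib import Path

# Default ruleset location named on this page.
DEFAULT_RULES = Path.home() / ".quark-engine" / "quark-rules" / "rules"


def rules_by_label(rules_dir, label):
    """Return [(path, crime)] for rule files whose "label" list contains label.

    Assumption: a rule is a JSON object with "crime" (str) and "label" (list).
    Unreadable, unparsable or differently shaped files are skipped.
    """
    matches = []
    for path in sorted(Path(rules_dir).glob("*.json")):
        try:
            rule = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):  # ValueError covers JSON and decode errors
            continue
        if not isinstance(rule, dict):
            continue
        labels = rule.get("label", [])
        if isinstance(labels, list) and label in labels:
            matches.append((str(path), rule.get("crime", "")))
    return matches


def quark_commands(apk, rules_dir, label, flag="-s"):
    """Build one argv list per matching rule, suitable for subprocess.run()."""
    return [["quark", "-a", apk, flag, p] for p, _ in rules_by_label(rules_dir, label)]


def demo():
    """Run against a constructed ruleset (sample rules, not Quark's own)."""
    with tempfile.TemporaryDirectory() as d:
        samples = {
            "00001.json": {"crime": "Constructed rule A", "label": ["network"]},
            "00002.json": {"crime": "Constructed rule B", "label": ["sms", "network"]},
            "00003.json": {"crime": "Constructed rule C", "label": ["file"]},
        }
        for name, rule in samples.items():
            Path(d, name).write_text(json.dumps(rule), encoding="utf-8")
        Path(d, "broken.json").write_text("{not json", encoding="utf-8")
        found = rules_by_label(d, "network")
        cmds = quark_commands("sample.apk", d, "network")
        return [(os.path.basename(p), c) for p, c in found], [c[:4] for c in cmds]
```

Call rules_by_label(DEFAULT_RULES, "network") to run it against the default ruleset, and pass flag="-d" to quark_commands for the detail report.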
Web Report
With the following command, you can easily analyze the Android sample and output the web report. See our demo here.
quark -a sample.apk -s -w quark_report.html
Label-based Report
Check which topic (indicated by labels) of the malware is more aggressive.
quark -a Ahmyth.apk -l detailed
Behaviors Comparison Radar Chart
With the following command, you can compare different APK actions based on the max confidence of rule labels and generate a radar chart.
quark -a first.apk -a second.apk -C
Call Graph
You can add the -g option to the quark command to get the call graph (only for rules that match with 100% confidence).
quark -a Ahmyth.apk -s -g
Rule Classification
You can add the -c option to the quark command to output the rule classification with the mutual parent function (only for rules that match with 100% confidence).
quark -a Ahmyth.apk -s -c