Posts

Showing posts from July, 2016

Quick and Easy Android Malware Analysis - Part 2 Beginning Analysis - Let's see what it does

In the previous post I covered how to get an Android image running in an emulator and how to install the malicious APK on the device. This post will focus on performing some basic dynamic analysis of the APK in the emulator. The first thing we need to do is start our device. I've found that the best way to do this while still saving the network traffic is with the command-line tool 'emulator'. If you type 'emulator -help' you will get a ton of arguments which this command takes, but thankfully for us we only need a few of them. We start our device with the command emulator -avd MyDevice -qemu -tcpdump traffic.pcap. This will start the device and save a pcap of the network connections to the file specified.

TestAndroid - Galaxy Nexus Android v4.2.1

Now it's time to get to work. I pulled down a sample from VirusTotal that I've worked with before, which is called MisoSMS. This malware was found targeting users in Asia, and FireEye did a good writeup o...