Posts

Showing posts from December, 2016

Quick and Easy Android Malware Analysis - Part 3 Digging In!

Hope you brought your shovel, as we start to take apart this malware and look at its internal code. To get started we will need to pull the APK from the device to our local system. To do this you will need to turn on USB debugging on the phone or emulator from the Settings menu of Android (check out this link if you don't know how: https://www.kingoapp.com/root-tutorials/how-to-enable-usb-debugging-mode-on-android.htm ). Now that you have your phone/emulator connected to your system, you can download the malicious APK. In our case we already have the APK, but for those situations when you might not already have it downloaded, you use the adb pull command (e.g. adb pull /data/app/bad.apk) to pull the package from the device. After you have completed this process we can start the static analysis of the APK. The main tool for performing static analysis of the APK is a decompiler. I prefer JEB ( https://www.pnfsoftware.com/jeb2/ ), but it requires a subscription. A free decomp