Android Malware Analysis

Task 1 - Introduction

No need to answer!

Task 2 - First Steps

What is the name of the technique used by Google Play to mark the applications uploaded to the Google Play Store?

frosting

What is the MD5 hash of the APK?

e162504122c224d4609ade9efa9af82d

What is the SHA256 hash of this sample?

ae05bbd31820c566543addbb0ddc7b19b05be3c098d0f7aa658ab83d6f6cd5c8

What is the size of the sample?

40.68MB

Task 3 - Getting into the APK

Which version of the application is targeted?

3.65.979

Check all the activities. There is one standing out. Which one is it?

org.xmlpush.v3.StartVersion

How many activities in the Manifest analysis are linked to the activity that we have identified?

3

What is the first crime identified?

Load external class

There is a crime that should attract your attention. It is something that shouldn't happen with a non-malicious chat app. What crime is it?

Hide the current app's icon

How many classes have a TCP connection and are identified as being part of our malicious activity?

5

Which one of the classes having a TCP connection is probably not malicious?

okio/Okio.java

Task 4 - Hunting

In the section for search by identified names, click on the magnifying glass icon to search for "finspy" samples.

No need to answer!

What do you notice that will identify our sample as having similarities with the other search results?

org.xmlpush.v3

Task 5 - Hunting 2

Find the sha256 hash of our previous sample and run a query using the hash. What is the query you used?

sha256:ae05bbd31820c566543addbb0ddc7b19b05be3c098d0f7aa658ab83d6f6cd5c8

What query would you use to find the non-malicious class that we identified previously?

java_classes: "okio/Okio"

Task 6 - Conclusion

I'm done with this room!

No need to answer!
