Task 1 - Introduction
No need to answer!
Task 2 - First Steps
What is the name of the technique used by Google Play to mark the applications uploaded to the Google Play Store?
What is the MD5 hash of the APK?
What is the SHA256 hash of this sample?
What is the size of the sample?
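The three questions above are the basic triage of any sample: record its MD5, SHA256 and size before touching it, and confirm the file really is an APK (a ZIP that carries `AndroidManifest.xml` and `classes.dex`) so the hashes you write down describe the artefact you think they do. The script below is an added example for this page, not code from the room; the `build_fake_apk` helper builds a constructed stand-in so it runs offline, and the file path in the `__main__` block is a placeholder.

```python
import hashlib
import io
import zipfile

# Entries every real APK carries. If one is missing the sample is either not
# an APK or was truncated on the way in, and any hash recorded would describe
# a different artefact than the one later tools will analyse.
REQUIRED_ENTRIES = ("AndroidManifest.xml", "classes.dex")


def fingerprint(source):
    """Return md5, sha256 and size for a sample.

    `source` is either a bytes object or a binary file object. Hashing is done
    in 1 MiB chunks so a large APK is never held in memory twice.
    """
    stream = io.BytesIO(source) if isinstance(source, (bytes, bytearray)) else source
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    for chunk in iter(lambda: stream.read(1 << 20), b""):
        md5.update(chunk)
        sha256.update(chunk)
        size += len(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest(), "size": size}


def fingerprint_file(path):
    """Convenience wrapper: fingerprint a sample on disk."""
    with open(path, "rb") as fh:
        return fingerprint(fh)


def apk_inventory(data):
    """Check that `data` is a ZIP with the mandatory APK members.

    Returns a dict with `is_zip`, the member list and which required entries
    are missing. A non-ZIP blob yields is_zip=False and every entry missing.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return {"is_zip": False, "entries": [], "missing": list(REQUIRED_ENTRIES)}
    missing = [name for name in REQUIRED_ENTRIES if name not in names]
    return {"is_zip": True, "entries": names, "missing": missing}


def build_fake_apk(include_dex=True):
    """Constructed sample (not a real APK): a ZIP with the expected layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Real manifests are binary AXML; a text placeholder is enough here.
        zf.writestr("AndroidManifest.xml", "<manifest package='example.chat'/>")
        if include_dex:
            zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 32)
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_fake_apk()            # replace with open("sample.apk","rb").read()
    print(fingerprint(sample))
    print(apk_inventory(sample))
```

Record the three values before uploading the sample anywhere: the SHA256 is what you will use as the pivot for later hunting queries, and the size plus the inventory check catch a truncated download before it wastes analysis time.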
Task 3 - Getting into the APK
Which version of the application is targeted?
Check all the activities. There is one standing out. Which one is it?
How many activities in the Manifest analysis are linked to the activity that we have identified?
What is the first crime identified?
There is a crime that should attract your attention. It is something that shouldn't happen with a non-malicious chat app. What crime is it?
How many classes have a TCP connection and are identified as being part of our malicious activity?
Which one of the classes having a TCP connection is probably not malicious?
Task 4 - Hunting
In the section for searching by identified names, click the magnifying glass icon to search for "finspy" samples.
What do you notice that will identify our sample as having similarities with the other search results?
Task 5 - Hunting 2
Find the SHA256 hash of our previous sample and run a query using the hash. What is the query you used?
What query would you use to find the non-malicious class that we identified previously?
Task 6 - Conclusion
I'm done with this room!