Androtools is an Android malware static & dynamic analysis and automated action tool.

androtools is an Android malware static & dynamic analysis tool optimized for automated analysis. The work was motivated by the real-world needs of police officers and malware analysts who want to quickly check a sample's specifics and briefly identify the type of Android malware. androtools supports automated actions during dynamic analysis, so the analyst does not need to click buttons or activate and deactivate Device Admin. The whole run takes less than 1 minute.

Example Output Android Malware Analysis Report

Specifics about androtools:
– Automated click, button detection, activate & deactivate Device Admin from Device
– DEX class parse, string parse
– IP, Email, URL Searching in DEX, SO File
– APK File Similarity from user’s analysis history (fuzzyhash)
– APK Filetype Analysis
– AndroidManifest.xml Information
– Certification Information
– String XML Information
– Packet Data from Device
– Application Data Section Read & Write status
– Logcat Data when Application Run
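
The "IP, Email, URL Searching in DEX, SO File" item can be illustrated with a short static pass over the raw bytes of each `.dex` and `.so` member of an APK. This is an added example, not androtools' own code: the function names (`extract_indicators`, `scan_apk`, `build_sample_apk`) are hypothetical, and the sample archive is constructed in memory from reserved example hosts and addresses.

```python
import io
import re
import zipfile

# DEX string data is MUTF-8 and .so string tables are NUL-terminated C strings,
# so ASCII indicators appear verbatim in the raw bytes of both file types.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")  # printable runs, like `strings -n 6`
URL_RE = re.compile(r"\bhttps?://[^\s\"'<>]+", re.I)
EMAIL_RE = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def valid_ipv4(candidate):
    """Reject out-of-range and zero-padded octets (e.g. 10.0.300.1)."""
    return all(p == str(int(p)) and int(p) <= 255 for p in candidate.split("."))


def extract_indicators(blob):
    """Return sorted URLs, e-mail addresses and IPv4 addresses found in raw bytes."""
    found = {"url": set(), "email": set(), "ip": set()}
    for run in ASCII_RUN.finditer(blob):
        text = run.group().decode("ascii")
        found["url"].update(URL_RE.findall(text))
        found["email"].update(EMAIL_RE.findall(text))
        found["ip"].update(ip for ip in IPV4_RE.findall(text) if valid_ipv4(ip))
    return {kind: sorted(values) for kind, values in found.items()}


def scan_apk(apk_bytes):
    """Scan every .dex and .so member of an APK (a ZIP archive) held in memory."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if name.endswith((".dex", ".so")):
                report[name] = extract_indicators(apk.read(name))
    return report


def build_sample_apk():
    """Constructed sample: a ZIP with fake DEX/SO payloads, not a real APK."""
    dex = (b"dex\n035\x00" + b"\x1fhttp://update.example.test/gate\x00"
           + b"\x10drop@example.com\x00" + b"\x0a10.0.300.1\x00")
    so = b"\x7fELF\x02\x01\x01\x00" + b"\x00192.0.2.10\x00lib ver 1.2.3.4\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as apk:
        apk.writestr("classes.dex", dex)
        apk.writestr("lib/armeabi-v7a/libnative.so", so)
        apk.writestr("res/raw/readme.txt", b"http://ignored.example.test/")
    return buf.getvalue()
```

Calling `scan_apk(build_sample_apk())` returns one result per native or DEX member. The constructed version string `1.2.3.4` is reported as an IP address, which is the kind of false positive an analyst still has to triage by hand.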

User Guide
How to use :
1. git clone https://github.com/bunseokbot/androtools.git
2. python androtools.py <APK_MALWARE_FILE_PATH> <OUTPUT_HTML_PATH>
Analysis Complete!

Pre-Install :
The analyst has to install tcpdump in the Android Virtual Device and ssdeep in the environment. or

Source : https://github.com/bunseokbot | androtools – developer Kim Namjun(@bunseokbot)