
androtools is Android malware static & dynamic analysis tool optimized for automated analysis
androtools is an Android malware static and dynamic analysis tool optimized for automated analysis. The work was motivated by the real-world needs of police officers and malware analysts who want to quickly check a sample's specifics and briefly classify the type of Android malware. androtools supports automated actions during dynamic analysis, so the analyst does not need to click buttons or activate and deactivate Device Admin by hand. The whole run costs less than 1 minute.
Specifics about androtools:
+ Automated clicking, button detection, and activation/deactivation of Device Admin on the device
+ DEX class and string parsing
+ IP address, e-mail address, and URL search in DEX and SO files
+ APK file similarity against the user's analysis history (fuzzy hash)
+ APK file type analysis
+ AndroidManifest.xml information
+ Signing certificate information
+ String XML information
+ Packet data captured from the device
+ Application data section read and write status
+ Logcat data while the application runs
Usage and Download:
    sudo apt-get install libfuzzy-dev
    sudo pip install ssdeep
    git clone https://github.com/bunseokbot/androtools.git && cd androtools
    sudo python androtools.py <APK_MALWARE_FILE_PATH> <OUTPUT_HTML_PATH>

Then open output.html and output2.html.
Source: https://github.com/bunseokbot