CS 6262 - Network Security
Georgia Institute of Technology
Project: Malware Analysis
Android Malware
Scenario
• Analyzing Windows Malware
  • You got a malware sample from the wild. Your task is to discover what the malware does by analyzing it.
  • How do you discover the malware's behaviors?
    • Static Analysis
      • Manual reverse engineering
      • Programmatic binary analysis
    • Dynamic Analysis
      • Network behavioral tracing
      • Run-time system behavioral tracing (File/Process/Thread/Registry)
    • Symbolic Execution
    • Fuzzing
• In our scenario, you are going to analyze the given malware with tools that we provide.
  • These tools help you analyze the malware with both static and dynamic analysis.
• Objective
  1. Find which server controls the malware (the command and control (C2) server)
  2. Discover how the malware communicates with the C2 server
    • URL and payload
  3. Discover what activities are done by the Linux malware
    • Attack activities
Requirement
• Make sure that no malware traffic goes out from the virtual machine.
  • But updating the malware (stage 2) and downloading the Linux malware (stage 3) must be allowed for us to understand the malware's behavior.
• The command and control server is dead. You need to reconstruct it.
  • Use tools to reconstruct the server, then reveal the hidden behaviors of the malware.
• Analyze the network traffic on the host, and figure out the list of commands available to the malware.
• Analyze the network traffic trace of the host, and figure out what the malware does.
• Write down your answers in assignment-questionnaire.txt
Android Malware Analysis
• Manifest Analysis
  • Identifying suspicious components
• Static Analysis
  • Search for C&C commands and trigger conditions
  • Vet the app for any anti-analysis techniques that need to be removed.
• Dynamic Analysis
  • Leverage the information found via static analysis to trigger the malicious behavior.
Manifest Analysis
• Identify suspicious components
  • Broadcast receivers registering for suspicious actions.
  • Background services
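As an added example (not one of the course's provided tools), a small Python triage script that applies the two checks above to a decoded AndroidManifest.xml: it flags broadcast receivers whose intent-filters register suspicious actions and lists services, marking those with no intent-filter (started from code) as candidate background components. The action watch-list and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Assumed watch-list of actions that often mark persistence or
# interception in Android malware; extend it for your sample.
SUSPICIOUS_ACTIONS = {
    "android.intent.action.BOOT_COMPLETED",      # auto-start persistence
    "android.provider.Telephony.SMS_RECEIVED",   # SMS interception
    "android.intent.action.USER_PRESENT",        # device-unlock trigger
}

def _attr(elem, name):
    # Read an attribute from the android: namespace.
    return elem.get(f"{{{ANDROID_NS}}}{name}")

def triage_manifest(xml_text):
    """Flag receivers registered for suspicious actions and list services,
    from decoded (text) manifest XML."""
    root = ET.fromstring(xml_text)
    findings = {"receivers": [], "services": [], "permissions": []}
    for perm in root.findall("uses-permission"):
        findings["permissions"].append(_attr(perm, "name"))
    app = root.find("application")
    if app is None:
        return findings
    for recv in app.findall("receiver"):
        actions = {_attr(a, "name") for a in recv.iter("action")}
        hits = sorted(actions & SUSPICIOUS_ACTIONS)
        if hits:
            findings["receivers"].append((_attr(recv, "name"), hits))
    for svc in app.findall("service"):
        # A service with no intent-filter is started from code, a common
        # shape for a background C&C polling component.
        has_filter = svc.find("intent-filter") is not None
        findings["services"].append((_attr(svc, "name"), has_filter))
    return findings

# Constructed sample manifest (not from any real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="Sample">
    <receiver android:name=".BootReceiver"><intent-filter>
      <action android:name="android.intent.action.BOOT_COMPLETED"/>
    </intent-filter></receiver>
    <receiver android:name=".SmsReceiver"><intent-filter android:priority="999">
      <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
    </intent-filter></receiver>
    <service android:name=".C2Service"/>
  </application></manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

Run it against the manifest decoded from your sample (e.g. with apktool) and use the flagged receivers and services as the starting points for the static analysis step.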