crystalwwj/AndroidMalware

Android Malware Analysis

This repository contains bash scripts that install all the software needed to run Cuckoo Droid for Android malware analysis.

Usage

  • Step 0: (Optional) Install Ubuntu 16.04 in VirtualBox. Total storage size would be about 50 GB.

  • Step 1: Install git, set its global configuration values, and install some tools

    sudo apt -y install git
    git config --global user.email "[email protected]"
    git config --global user.name "name"
    # (Optional)
    sudo apt -y install snap
    sudo snap install vscode --classic
    sudo apt -y install vim
    
  • Step 2: Clone our repo and run the first bash script

    git clone https://github.com/crystalwwj/AndroidMalware.git
    cd AndroidMalware/
    bash cuckoo_install_1.sh
    
    cd android-sdk-linux/tools/
    ./android avd
    
    • Deselect the "Use Host GPU" option
    • Click "OK"
    • Close Android Virtual Device (AVD) Manager

    Then run

    bash ~/AndroidMalware/cuckoo_install_2.sh
    
  • Step 3: Wait for the Android phone (emulator) to finish starting completely, then execute

    bash ~/AndroidMalware/cuckoo_install_3.sh
    

    Then modify the settings on the phone. Follow these steps to set up the emulator.

    • Press Settings -> Security -> Screen lock -> None
    • Press Settings -> Display -> Sleep -> 30 minutes
    • Start the Generate contacts app
    • Start the Superuser app
    • Start the Xposedinstaller app
    • In Modules, check both packages: Droidmon and Android Blue Pill
    • Press Framework -> OK -> Install -> Allow -> Cancel (if it shows a root failure, press Install -> Cancel)
    • Press Soft reboot -> OK
    • After emulator restarted completely (don't close it).
  • Step 4: Turn off the emulator. Then run

    bash ~/AndroidMalware/cuckoo_install_4.sh
    
  • Step 5: Open a terminal and run:

    python ~/cuckoo/cuckoo.py -d
    

    Open another terminal and run:

    python ~/cuckoo/web_android/manage.py runserver 127.0.0.1:7000
    
  • Step 6: Open your browser at http://127.0.0.1:7000/ and test! (Changing the port is recommended.)
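The third install script should only run once the emulator has finished booting. The helper below is an added example, not one of the repository's scripts, that polls adb until Android reports boot completion; the function name wait_for_boot, the default timeout and interval, and adb being on PATH are assumptions.

```bash
#!/usr/bin/env bash
# Added helper (not part of the repository): block until the Android emulator
# reports that boot has finished, so cuckoo_install_3.sh is not started early.
# Assumes adb (android-sdk-linux/platform-tools) is on PATH.

# wait_for_boot [timeout_seconds] [poll_interval_seconds]
# Returns 0 once sys.boot_completed reads 1, returns 1 on timeout or adb error.
wait_for_boot() {
    wfb_timeout="${1:-600}"
    wfb_interval="${2:-5}"
    wfb_waited=0

    # A zero interval would never advance the timeout counter.
    [ "$wfb_interval" -ge 1 ] || wfb_interval=1

    # Returns when adb can see the device; Android itself may still be booting.
    adb wait-for-device || return 1

    while [ "$wfb_waited" -lt "$wfb_timeout" ]; do
        # The property is empty or 0 during boot and 1 afterwards.
        # adb shell output can end in CR/LF, so strip both before comparing.
        wfb_state="$(adb shell getprop sys.boot_completed 2>/dev/null | tr -d '\r\n')"
        if [ "$wfb_state" = "1" ]; then
            return 0
        fi
        sleep "$wfb_interval"
        wfb_waited=$((wfb_waited + wfb_interval))
    done

    echo "emulator did not finish booting within ${wfb_timeout}s" >&2
    return 1
}

# Typical use after cuckoo_install_2.sh has started the emulator:
#   wait_for_boot 600 5 && bash ~/AndroidMalware/cuckoo_install_3.sh
```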

Malware dataset

Reference

Contact Info.

Jeremy R.L. JAHN B02901043 吳宛臻 B04901011

License

MIT
