Showing posts from October, 2019

Android Malware Analysis Overview: Reverse Engineering and Threat Actor Profiling Process

Hi everyone, I would like to share my way of doing Android malware analysis and investigation, definitely not the best methodology but sharing is caring.

Dynamic Analysis

Usually I start with dynamic analysis (usually, but most of the time I do it concurrently with static analysis) to understand the behavior of the malware; it is easier to understand what is going on, and it helps me create my mind map of how the malware executes and what data it reads and writes. Meanwhile, I use Burp Suite, ADB Logcat and interaction in the emulator running concurrently, and I monitor the output the application generates and prints to logcat. Why do I do this? To observe its network activity: every HTTP connection it makes to the command and control (C2) server, any log it creates, and the behavior of the malware. Tracing the functionality of the malware, and how logcat and the system react to the application. I screenshot everything that happens on the screen. Extract data generated by the application. Running processes (ps, t