Part 6 of our Android Banker Deep Dive! In this video, we inspect the class entry points (activities, services and receivers) declared in the application's manifest, then clean up and summarize their behavior.
---
In this [RE]laxing new series, I fully reverse a difficult Android Banker trojan from start to finish.
These extensive "Deep Dive" segments concentrate on dissecting malware specimens and delving into the individual approaches employed to fully reverse them. Throughout the journey, I attempt to explain my techniques as much as possible; however, if any ambiguities arise, please feel free to post a comment below.
Timestamps:
00:00 Intro
00:39 Begin Analysis
01:19 Naming Activities
03:23 JADX Decompilation Settings
05:11 Service Investigation
08:17 Decoding Strings
09:55 Cleaning up Classes
13:25 More String Decoding!
17:35 Receivers
18:27 More Activities and Classes
21:47 Fixing Nested Classes
25:47 Editing Shared Preferences
27:20 Recap
---
Software Links Mentioned in Video:
JADX: github.com/skylot/jadx
---
Malware Examined in the video (Banker/Anubis):
sha256:cae0c0d33e68be9cf81099680b815eb714d8296cb219b7a6247f7f081820f39a
---
laurieWIRED Twitter:
/ lauriewired
laurieWIRED Website:
lauriewired.com
laurieWIRED Github:
github.com/LaurieWired
laurieWIRED HN:
news.ycombinator.com/user?id=...
laurieWIRED Reddit:
/ lauriewired