Android malware analysis: preparation

Installing Android on the Virtual Machine

This is the first article in the Malware Analysis series, where I present how you can safely grab malicious code and, by using techniques like decompiling and deobfuscation, see what it is doing. In this series, you are going to see different approaches and solutions that are used to bypass antivirus and other threat defenses, learn how to approach payloads and hopefully recognize common patterns that are reused by malicious actors. Enjoy!


Contents

  1. Download ISO
  2. Create Virtual Machine
  3. Install Android system
  4. Network
  5. Snapshots

Download ISO

In this guide I'm using VirtualBox, but you can use any other virtualization software.

Go to the official Android x86 project site. The download page lists a few mirrors to choose from. After navigating to the mirror site, grab the Android ISO version you are interested in.

I'm downloading the 9.0 R2 version from the Open Source Development Network.

When the download has finished, verify the SHA-256 hash.

See: Why MD5 and SHA-1 are considered no longer trustworthy.

See Verifying hash of the downloaded file

Create Virtual Machine

Open VirtualBox and click New.

Choose Linux 2.6/3.x/4.x (32-bit) or Linux 2.6/3.x/4.x (64-bit).

Set 4GB RAM.

Leave the default Create a virtual hard drive now.

Leave VDI and dynamic allocation. Assign 8GB (default) size.

If possible, save the disk file on an SSD. I encountered significant slowness when I initially had it on the HDD.

Install Android system

Run the virtual machine and mount the ISO you have previously downloaded.

Click Start. Choose the installation option. Select Create/Modify partitions by pressing C.

Decline GUID Partition Table usage.

Create a new primary partition from the entire free space.

Mark it as bootable and select Write. Type yes to confirm the choices and wait until the process is completed.

Quit. You will be back at the partition selection screen.

Select the newly created partition.

Format it using ext4 and confirm the selection.

Install GRUB.

Make the /system directory read/write.

After the installation is completed, it doesn't matter which option you choose, because GRUB will appear either way.

Common issue: no GUI

When booting for the first time, you could have two issues:

  • the system is not booting at all
  • Android is booting to a shell

The solution is to set the graphics controller to VBoxVGA (Settings -> Display -> Screen) and disable 3D acceleration.

Network

By default, VirtualBox configures NAT, so you don't have to do any additional configuration. Upon entering the system, you will be able to select the Wi-Fi connection called VirtWifi. After the connection is established, you are ready to go.

Snapshots

Turn off the system and create a snapshot of the fresh state of the virtual machine. Do the same before any malicious software testing.
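
The host-side steps of this guide (VM creation, the VBoxVGA fix, NAT and snapshots) can also be scripted with VBoxManage. This is an added example, not part of the original article, and it goes slightly beyond the text by including a snapshot restore. The VM name and file paths are assumptions, and the option names follow VirtualBox 6.x.

```shell
#!/bin/sh
# Added example: host-side VirtualBox setup for the Android-x86 analysis VM.
# VM name and paths below are assumptions (placeholders); adjust before use.
set -eu

VM="${VM:-android-x86-lab}"           # hypothetical VM name
ISO="${ISO:-./android-x86.iso}"       # placeholder: the hash-verified ISO
DISK="${DISK:-./$VM.vdi}"             # placeholder: ideally on an SSD

# Dry run by default: print each command. Set APPLY=1 to execute them.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

create_vm() {
  run VBoxManage createvm --name "$VM" --ostype Linux26_64 --register
  # 4 GB RAM, default NAT adapter, VBoxVGA without 3D acceleration
  # (the settings the article uses to avoid the no-GUI boot problem).
  run VBoxManage modifyvm "$VM" --memory 4096 --nic1 nat \
    --graphicscontroller vboxvga --accelerate3d off
  # 8 GB dynamically allocated VDI (size is given in MB).
  run VBoxManage createmedium disk --filename "$DISK" --size 8192 \
    --format VDI --variant Standard
  run VBoxManage storagectl "$VM" --name SATA --add sata
  run VBoxManage storageattach "$VM" --storagectl SATA --port 0 --device 0 \
    --type hdd --medium "$DISK"
  run VBoxManage storageattach "$VM" --storagectl SATA --port 1 --device 0 \
    --type dvddrive --medium "$ISO"
}

# Snapshot the powered-off VM: once after installation, then before each sample.
snapshot_vm() {
  run VBoxManage snapshot "$VM" take "$1" --description "$2"
}

# Return to a known-clean state after a sample has been executed.
restore_vm() {
  run VBoxManage snapshot "$VM" restore "$1"
}

case "${1:-}" in
  create)   create_vm ;;
  snapshot) snapshot_vm "${2:-clean-install}" "${3:-fresh install}" ;;
  restore)  restore_vm "${2:-clean-install}" ;;
esac
```

Run it with `create`, install Android inside the VM as described above, power the VM off, then run it with `snapshot`. Without `APPLY=1` the script only prints the commands it would execute.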

Malware icon made by Eucalyp from flaticon.com
