Android Banker Deep Dive (Part 6)

LaurieWired

Part 6 of our Android Banker Deep Dive! In this video, we inspect the entrypoint classes declared in the application's Manifest (activities, services and receivers), clean them up, and summarize what each one does.
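As an added illustration of the manifest triage described above (example code written for this page, not code from the video or from the analysed sample): parse a decoded AndroidManifest.xml, like the one JADX produces, list every declared component, resolve the shorthand class names, and work out which components the OS or another app can reach without the user opening the app. The manifest embedded in the script is constructed for the example; its package and class names are hypothetical.

```python
"""Enumerate the entrypoints declared in a decoded AndroidManifest.xml.

Added example; not code from the video or from the analysed sample.
Every component in the manifest is an entrypoint the OS (or another app)
can call into, so triage starts by listing them and working out which
ones are reachable from outside the process.  The manifest below is
constructed for illustration and the package/class names are hypothetical.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed manifest; hypothetical package and class names.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.dropper">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Flash Update">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name="com.example.dropper.ui.OverlayActivity"
              android:exported="false"/>
    <service android:name=".svc.AccessService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".svc.WorkerService"/>
    <receiver android:name=".rcv.BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def _attr(elem, name):
    """Read an attribute from the android: namespace."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def _fqcn(name, package):
    """Expand the shorthand forms the manifest allows (".Foo", "Foo")."""
    if name.startswith("."):
        return package + name
    if "." not in name:
        return f"{package}.{name}"
    return name


def parse_entrypoints(manifest_xml):
    """Return one dict per declared component, in manifest order."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    if app is None:
        return []
    entrypoints = []
    for comp in app:
        if comp.tag not in COMPONENT_TAGS:
            continue
        filters = comp.findall("intent-filter")
        actions = [_attr(a, "name") for f in filters for a in f.findall("action")]
        categories = [_attr(c, "name") for f in filters for c in f.findall("category")]
        explicit = _attr(comp, "exported")
        if explicit is not None:
            exported = explicit == "true"
        else:
            # Default rule: a component that declares an intent-filter is
            # exported, one without is private.  Providers have no filters;
            # treat them as private unless stated (the default since API 17).
            exported = bool(filters) and comp.tag != "provider"
        entrypoints.append({
            "kind": comp.tag,
            "class": _fqcn(_attr(comp, "name") or "", package),
            "exported": exported,
            "actions": actions,
            "permission": _attr(comp, "permission"),
            "launcher": ("android.intent.action.MAIN" in actions
                         and "android.intent.category.LAUNCHER" in categories),
        })
    return entrypoints


def external_surface(entrypoints):
    """Components another process can start, minus the launcher icon itself.
    These are the classes to read first: the system calls into them without
    the user ever opening the app."""
    return [e for e in entrypoints if e["exported"] and not e["launcher"]]


if __name__ == "__main__":
    eps = parse_entrypoints(SAMPLE_MANIFEST)
    for e in eps:
        flag = "EXPORTED" if e["exported"] else "private "
        print(f"{flag} {e['kind']:<9} {e['class']}  {e['actions']}")
    print("triage first:", [e["class"] for e in external_surface(eps)])
```

Point `parse_entrypoints` at the manifest text JADX decoded for the sample and the output gives the same list of classes the video walks through by hand, with the exported ones (boot receiver, accessibility service, anything bound to a system intent) marked for a first look.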
In this [RE]laxing new series, I fully reverse a difficult Android Banker trojan from start to finish.

These "Deep Dive" segments dissect a malware specimen in depth and walk through each technique used to fully reverse it. Along the way I explain my methods as much as possible; if anything is unclear, please post a comment below.

Timestamps:
00:00 Intro
00:39 Begin Analysis
01:19 Naming Activities
03:23 JADX Decompilation Settings
05:11 Service Investigation
08:17 Decoding Strings
09:55 Cleaning up Classes
13:25 More String Decoding!
17:35 Receivers
18:27 More Activities and Classes
21:47 Fixing Nested Classes
25:47 Editing Shared Preferences
27:20 Recap
Software Links Mentioned in Video:
JADX: https://github.com/skylot/jadx
Malware Examined in the video (Banker/Anubis):
sha256:cae0c0d33e68be9cf81099680b815eb714d8296cb219b7a6247f7f081820f39a
laurieWIRED Twitter:
lauriewired

laurieWIRED Website:
http://lauriewired.com

laurieWIRED Github:
https://github.com/LaurieWired

laurieWIRED HN:
https://news.ycombinator.com/user?id=...

laurieWIRED Reddit:
lauriewired