Static and Dynamic Analysis.
In this blog I will take you through reversing the allegedly malicious F-droid app.
Analysis: hammering away at the “F-droid” app
Hashes: hashes of the F-droid 1.10 APK.
Information about the app: app info.
Certificate Info: the certificate information shows two false signatures.
Obfuscation and Anti-VM Code:
The app logs sensitive information, uses weak hashes, is susceptible to SQL injection, contains hard-coded usernames and passwords in its files, uses an insecure RNG, and discloses the IP address.
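As an added example (not the blog author's tooling and not MobSF's rule set), the script below reproduces the triage steps covered so far: it computes the MD5/SHA-1/SHA-256 hashes of an APK, lists the v1 (JAR) signature block files the APK carries, and runs a small set of source patterns that approximate the findings above (weak hash, SQL built by string concatenation, hard-coded credentials, insecure RNG, sensitive data written to logcat, hard-coded IP addresses). The APK and the decompiled Java snippets are constructed inline so the script runs offline; the regexes are this example's own assumptions about what such findings look like and will miss obfuscated code.

```python
"""APK static triage helpers (added example, constructed input, offline)."""
import hashlib
import io
import re
import zipfile

# This example's own approximations of the finding categories above.
# They are NOT MobSF's rules; treat hits as leads to confirm by hand.
RULES = {
    "weak_hash": re.compile(r'MessageDigest\.getInstance\(\s*"(MD5|SHA-?1)"'),
    "sql_concat": re.compile(r'(rawQuery|execSQL)\(\s*"[^"]*"\s*\+'),
    "hardcoded_cred": re.compile(r'(?i)(password|passwd|pwd|username)\s*=\s*"[^"]+"'),
    "insecure_rng": re.compile(r'new\s+java\.util\.Random\(|new\s+Random\('),
    "sensitive_log": re.compile(r'Log\.[dviwe]\([^;]*(?i:password|token|secret)'),
    "ip_disclosure": re.compile(r'"\d{1,3}(?:\.\d{1,3}){3}"'),
}


def apk_hashes(apk_bytes):
    """Return the three digests normally listed for a sample."""
    return {name: hashlib.new(name, apk_bytes).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def signature_files(apk_bytes):
    """List v1 signature block files (META-INF/*.RSA|DSA|EC).
    An APK signed only with v2/v3 keeps its signature in the zip's
    APK Signing Block, which this helper does not parse."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return [n for n in zf.namelist()
                if n.startswith("META-INF/")
                and n.rsplit(".", 1)[-1].upper() in ("RSA", "DSA", "EC")]


def scan_source(sources):
    """sources: {filename: decompiled Java text}.
    Returns (rule, file, line_no, stripped_line) for every pattern hit."""
    findings = []
    for fname, text in sources.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for rule, rx in RULES.items():
                if rx.search(line):
                    findings.append((rule, fname, lineno, line.strip()))
    return findings


def build_sample_apk():
    """Constructed stand-in for an APK: a zip with a manifest, a dex stub
    and a placeholder v1 signature block. Fixed timestamps keep the
    archive bytes, and therefore the hashes, reproducible."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in (("AndroidManifest.xml", b"<manifest/>"),
                           ("classes.dex", b"dex\n035\x00"),
                           ("META-INF/CERT.RSA", b"\x30\x82")):  # PKCS#7 header bytes only
            zf.writestr(zipfile.ZipInfo(name, date_time=(1980, 1, 1, 0, 0, 0)), data)
    return buf.getvalue()


# Constructed decompiled sources exhibiting each finding category.
SAMPLE_SOURCES = {
    "DbHelper.java": (
        'import java.util.Random;\n'
        'public class DbHelper {\n'
        '    static final String PASSWORD = "hunter2";\n'
        '    Cursor find(SQLiteDatabase db, String user) {\n'
        '        return db.rawQuery("SELECT * FROM users WHERE name = \'" + user + "\'", null);\n'
        '    }\n'
        '    String hash(byte[] in) throws Exception {\n'
        '        return new String(MessageDigest.getInstance("MD5").digest(in));\n'
        '    }\n'
        '    int token() { return new Random().nextInt(); }\n'
        '}\n'
    ),
    "Net.java": (
        'public class Net {\n'
        '    static final String C2 = "203.0.113.10";\n'
        '    void login(String pw) { Log.d("Net", "password=" + pw); }\n'
        '}\n'
    ),
}


if __name__ == "__main__":
    apk = build_sample_apk()
    for algo, digest in apk_hashes(apk).items():
        print(f"{algo:7} {digest}")
    print("v1 signature blocks:", signature_files(apk))
    for rule, fname, lineno, line in scan_source(SAMPLE_SOURCES):
        print(f"{rule:15} {fname}:{lineno}: {line}")
```

Run it against a real sample by reading the APK bytes from disk and pointing `scan_source` at the output of a decompiler such as jadx; the regexes are deliberately narrow, so extend them per target rather than trusting a clean run.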
Activities Run by App:
Services run by App:
148[.]251[.]140[.]42 & 217[.]160[.]165[.]113
Communicating Files with C2 Server:
The C2 server of the F-droid app hosts many apps that are legitimate hacking tools and malware.
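To sweep device or proxy logs for the two addresses above, as an added example that is not from the original post: refang the defanged IOCs, pull every valid IPv4 address out of each line, and report the lines that touch a known address. The log lines are constructed to look like `netstat`-style connection records; the IOC list is the pair reported above.

```python
"""IOC sweep over connection logs (added example, constructed log lines)."""
import ipaddress
import re

# The two C2 addresses reported above, kept defanged until use.
DEFANGED_IOCS = ["148[.]251[.]140[.]42", "217[.]160[.]165[.]113"]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def refang(ioc):
    """Turn a defanged indicator back into a usable address/URL."""
    return ioc.replace("[.]", ".").replace("hxxp", "http")


def valid_ipv4(s):
    """Reject regex hits such as 999.1.1.1 that are not real addresses."""
    try:
        return isinstance(ipaddress.ip_address(s), ipaddress.IPv4Address)
    except ValueError:
        return False


def extract_ipv4(text):
    return [m for m in IPV4.findall(text) if valid_ipv4(m)]


def match_ioc_lines(log_lines, iocs):
    """Return (line_no, matched_ip, line) for every line touching an IOC."""
    wanted = {refang(i) for i in iocs}
    hits = []
    for n, line in enumerate(log_lines, 1):
        for ip in extract_ipv4(line):
            if ip in wanted:
                hits.append((n, ip, line))
    return hits


# Constructed connection records; only lines 1 and 3 reach the C2 hosts.
SAMPLE_LOG = [
    "2021-04-02 10:01:13 tcp 10.0.2.15:41122 -> 148.251.140.42:443 ESTABLISHED",
    "2021-04-02 10:01:15 tcp 10.0.2.15:41123 -> 142.250.74.46:443 ESTABLISHED",
    "2021-04-02 10:02:01 tcp 10.0.2.15:41130 -> 217.160.165.113:80 SYN_SENT",
    "2021-04-02 10:02:07 tcp 10.0.2.15:41131 -> 999.1.1.1:80 SYN_SENT",
]


if __name__ == "__main__":
    for n, ip, line in match_ioc_lines(SAMPLE_LOG, DEFANGED_IOCS):
        print(f"line {n}: {ip} <- {line}")
```

Feed it real output (for example a capture of `adb shell netstat` or a proxy access log read from a file) instead of `SAMPLE_LOG`; keeping the IOCs defanged in source avoids accidental clicks or resolution when the script is shared.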
That’s all for today.