Android Malware Sandbox
This project provides a simple, configurable, and modulable sandbox for quickly sandboxing known or unknown families of Android Malware. Demo Installation: First, you'll need to install Android-Studio or something that can launch AVD. Then, you'll need to create the AVD you want to run the samples. Next, you'll need to install dependencies: python3 -m venv env source env/bin/activate apt install -y liblzma-dev pip install -r requirements.txt pip install frida-push npm install npm install -g frida-compile Then, you'll need to configure config.ini: Change adb_path and emulator_path with the path of your binaries. Next, you'll need to configure the emulator in config.ini: [EMULATOR] vm_name = Nexus_5X_API_28 snapshot_name = use_snapshot = no show_window = yes wipe_data = yes Change the output database file. There are many more options in the config file, feel free to change them. All is set up, you can now launch your analysis by using: python main.py <path-to-apks> To customize run, change settings in config.ini. Reporting: Once
FEATURES
SIMILAR TOOLS
A tool that extracts and deobfuscates strings from malware binaries using advanced static analysis techniques.
Intezer is a cloud-based malware analysis platform that detects and classifies malware using genetic code analysis.
Falcon Sandbox is a malware analysis framework that provides in-depth static and dynamic analysis of files, offering hybrid analysis, behavior indicators, and integrations with various security tools.
A binary analysis and management framework for organizing and analyzing malware and exploit samples, and creating plugins.
A static analysis tool for PE files that identifies potential malicious indicators through compiler detection, packing analysis, signature matching, and suspicious string identification.
An open source machine code decompiler that converts binary executables into readable C source code across multiple architectures and file formats.
A collaborative malware analysis framework with various features for automated analysis tasks.
Joe Sandbox Community provides automated cloud-based malware analysis across multiple OS platforms.
PINNED
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.