Behavioural Android Malware Analysis in 5 minutes

by riker2000

droidbox

A dockerized DroidBox instance

Get it from the Docker Hub

Source code is on GitHub

This is a ready-to-run Android sandbox that lets the user run a dynamic analysis on an apk file. Create a ~/samples directory and copy your sample file into it.

Usage:

sudo docker run -it --rm -v ~/samples:/samples riker2000/droidbox /samples/filename.apk [duration in seconds]

VNC access:

This instance comes with a preinstalled VNC server that lets you view and modify the emulator during the run. You have to forward the VNC port to your local host in order to connect your VNC client. The SSH password is “droidbox”.

ssh -L 5900:localhost:5900 root@$(cat ~/samples/ip.txt)

ADB access:

You can also forward ports 5554 and 5555 to connect to the emulator and use adb for further instrumentation and analysis.

ssh -L 5556:localhost:5554 -L 5557:localhost:5555 root@$(cat ~/samples/ip.txt)
adb kill-server
adb shell
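
Both ssh commands above substitute the contents of ~/samples/ip.txt straight into the command line. The following is an added example, not part of the original project: it checks that the file holds exactly one IPv4 address before it is used. It assumes ip.txt is written into the shared /samples volume by the container; the function names read_sandbox_ip and open_vnc_tunnel are hypothetical.

```sh
#!/bin/sh
# Added example (not DroidBox code): validate ip.txt before handing it to ssh.
# Assumption: ip.txt is expected to hold a single dotted-quad IPv4 address.

# read_sandbox_ip FILE: print the address if FILE holds exactly one valid
# IPv4 address, otherwise print nothing and return 1.
# The body runs in a subshell so the IFS change and variables stay local.
read_sandbox_ip() (
    file=$1
    [ -f "$file" ] && [ ! -L "$file" ] || return 1    # regular file, not a symlink
    [ "$(($(wc -c < "$file")))" -le 16 ] || return 1  # 15 characters plus newline
    content=$(cat "$file")                            # drops the trailing newline
    case $content in
        # Reject anything but digits and dots (spaces, extra lines, dashes),
        # empty content, and leading, trailing or doubled dots.
        *[!0-9.]*|''|.*|*.|*..*) return 1 ;;
    esac
    IFS=.
    set -- $content                                   # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s\n' "$content"
)

# open_vnc_tunnel: the VNC forward from this page, run only if ip.txt validates.
open_vnc_tunnel() {
    ip=$(read_sandbox_ip "$HOME/samples/ip.txt") || {
        echo "refusing to connect: ip.txt is not a single IPv4 address" >&2
        return 1
    }
    ssh -L 5900:localhost:5900 "root@$ip"
}
```

Source the file and call open_vnc_tunnel in place of the raw ssh line; the same validated address can be reused for the ADB forward.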