Technical analysis of Hydra Android malware

If we unzip the sample and explore the AndroidManifest.xml, we see that the entry point com.sdktools.android.MainActivity is not present in the sample's code. This is an indication of a packed sample. You can identify the packing technique using droidlysis or APKiD. If we use droidlysis, we can see that the sample uses DexClassLoader and that the malware uses the JsonPacker packer. So we need to get the decrypted payload of the sample, and we will use Frida for that: we install the sample on an Android Studio emulator and, using WSL on the host, launch Frida to start the malicious app and capture the payload it loads. Then we pull the payload from the emulator to our host.
Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others' company. (Arthur Schopenhauer)