Technical analysis of Alien Android malware
If you open the sample in the JEB decompiler, you will find that the class names are obfuscated and that the code contains nop code, which makes the analysis harder and is an indicator that the sample is packed. So we need to get the decrypted payload. We will use this script with Frida to get the payload.
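The script referred to above is not reproduced on this page, so the following is an added example of such a Frida hook, not the author's script. It assumes the packer writes the decrypted DEX to disk, loads it through `dalvik.system.DexClassLoader` and may delete it afterwards; the helper names (`trackDexPath`, `shouldBlockDelete`, `installHooks`) are hypothetical.

```javascript
// Added example, not the script referenced in the post.
// Assumption: the packer writes the decrypted DEX to disk, loads it through
// dalvik.system.DexClassLoader, and may delete the file afterwards.

var loadedPaths = Object.create(null); // files handed to DexClassLoader so far

// DexClassLoader's dexPath may hold several files separated by ':'.
function trackDexPath(dexPath) {
  var added = [];
  String(dexPath).split(':').forEach(function (p) {
    if (p.length > 0 && !loadedPaths[p]) {
      loadedPaths[p] = true;
      added.push(p);
    }
  });
  return added;
}

// Only deletions of files that were loaded as code are blocked.
function shouldBlockDelete(path) {
  return loadedPaths[String(path)] === true;
}

function installHooks() {
  Java.perform(function () {
    var DexClassLoader = Java.use('dalvik.system.DexClassLoader');
    DexClassLoader.$init.overload('java.lang.String', 'java.lang.String',
        'java.lang.String', 'java.lang.ClassLoader').implementation =
      function (dexPath, optDir, libPath, parent) {
        trackDexPath(dexPath).forEach(function (p) {
          console.log('[+] DexClassLoader loaded: ' + p);
        });
        return this.$init(dexPath, optDir, libPath, parent);
      };

    var File = Java.use('java.io.File');
    File.delete.implementation = function () {
      var path = this.getAbsolutePath();
      if (shouldBlockDelete(path)) {
        console.log('[+] kept payload on disk: ' + path);
        return false; // report failure to the caller; file stays for adb pull
      }
      return this.delete();
    };
  });
}

// Frida provides the global Java bridge; outside Frida nothing is hooked.
if (typeof Java !== 'undefined') installHooks();
```

Load it at spawn so the hooks are in place before the packer runs, for example `frida -U -f <package> -l <script>.js`, then pull the logged path from the device for decompilation.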