Android - MalwareAnalysis.co

Android Malware Analysis Tools

Static Analysis

ClassyShark – Standalone android apps binary inspection tool.

StaCoAn – Mobile application static code analysis tool.

SmaliSCA – Smali static code analysis.

maldrolyzer – Simple framework to extract “actionable” data from Android malware (C&Cs, phone numbers, etc.).

Argus-SAF – Android application static analysis framework.

DroidRA – Taming reflection to support whole-program analysis of android apps.

Androwarn – Static code analyzer for malicious Android applications.

PScout – Android permission mapping tool.

APK-MiTM – CLI application that automatically prepares Android APK files for HTTPS inspection.

Super Android Analyzer – Secure, Unified, Powerful, and Extensible Rust Android Analyze.

Dynamic Analysis

AppMon – Automated framework for monitoring and tampering system API calls based on Frida.

DroidBox – Dynamic analysis of Android apps.

ConDroid – Execute specific code locations with no app manual interaction.

Wireshark – Network analysis tool.

tcpdump – Network analysis tool.

MiTMProxy – An interactive SSL/TLS-capable intercepting HTTP proxy (great for HTTPS inspection).

Burp Suite – The free web proxy for any browser, system, or platform.

INetSim – Internet Services Simulation Suite.

Reverse Engineering

smali/baksmali – DEX disassembler.

AndroGuard – Python-based tool for Android application reverse engineering.

Apktool – Tool for disassembling, rebuilding, and reversing in an automated matter.

Dex2Jar – DEX to JAR conversion tool.

JD-GUI – Graphical utility that displays Java sources from CLASS files.

JadX – Dex to Java decompiler (command line and GUI).

Krakatau – Python-based decompiler and disassembler.

Procyon – Command-line Java-based decompilation tool.

CFR – Command-line Java-based decompiler and disassembler.

ndk-gdb – GDB Android debugging.

Frida – Dynamic instrumentation framework.

Dwarf – Full-featured multi-arch/os debugger built on top of PyQt5 and Frida.

JEB Decompiler – Android decompiler.

IDA Free/Pro – Disassembler and debugger.

radare2 – Free and open source disassembler and debugger.

Cutter – GUI for radare2.

Binary Ninja – A New Type of Reversing Platform.

Unpacking & Deobfuscation

Quark Engine – Obfuscation-Neglect Android malware scoring system.

DeGuard – Online Android deobfuscation tool.

Simplify – Generic Android deobfuscator.

Forensics

Andriller – Utility with a collection of forensic tools for smartphones.

Mem – Android process memory dumper.

dd – Hard drive and SD card forensics acquisition tool.

Autopsy – Hard drive and SD card forensics analysis tool.

LiME – Memory acquisition tool.

dwarfdump – Linux profile creation for Volatility.

Volatility – Memory forensics analysis framework.

Other

MobSF (Mobile Security Framework) – Malware analysis and security assessment framework capable of performing static and dynamic analysis.

MARA_Framework – Tool that puts together commonly used mobile application reverse engineering and analysis tools.

Cuckoo Sandbox – Free and open-source automated malware analysis sandbox.

Cuckoo-Droid – Cuckoo Sandbox extension for automated Android malware analysis.

Android Tamer – VM/Live OS for Android security research and analysis.

Vezir-Project – VM/Live OS for mobile security research and analysis.