In this video, we unpack a packed APK using the Medusa framework and dynamic analysis.
Timestamps:
00:00 Intro
00:38 Opening Sample
02:04 Recap writing custom decryptor
03:24 Medusa Framework
05:22 Finding DexClassLoader in code
06:52 Running Medusa in a Docker container
08:29 Selecting Medusa modules
09:55 Compiling and running app
11:55 Exiting Medusa
12:33 Finding app folder
15:00 Pulling files from device
16:08 Checking dynamic classes.dex
17:56 Recap
---
Software Links Mentioned in Video:
JADX: https://github.com/skylot/jadx
Docker Medusa: https://github.com/LaurieWired/Medusa_Android_Docker
Medusa: https://github.com/Ch0pin/medusa
Docker Android: https://github.com/budtmo/docker-android
---
Malware Used in video:
SHA256: 387341d7438c649bf2345b751a9b5ed445651dfae1e1966e08977c0a4b129207
Link:
https://mega.nz/file/kZR2SLgB#Zl1t0VUIDsHkCaoyedeESFINBiLmU4ay3vTLh0-lWjQ
Password: malware123
---
laurieWIRED Twitter:
https://twitter.com/lauriewired
laurieWIRED Website:
http://lauriewired.com
laurieWIRED HN:
https://news.ycombinator.com/user?id=lauriewired
laurieWIRED Reddit:
https://www.reddit.com/user/LaurieWired