DroidDetective – A Machine Learning Malware Analysis Framework For Android Apps

A machine learning malware analysis framework for Android apps. DroidDetective is a Python tool for analysing Android applications (APKs) for potential malware related behaviour and configurations. When provided with a path to an application (APK file) Droid Detective will make a prediction (using it’s ML model) of if the application is malicious. Features and qualitiesRead More

Lupo – Malware IOC Extractor. Debugging Module For Malware Analysis Automation

Debugging module for Malware Analysis Automation For a step by step post on how to use Lupo, with images and instructions, please see this post: https://medium.com/@vishal_thakur/lupo-malware-ioc-extractor-cc86ae76b85d Introduction Working on security incidents that involve malware, we come across situations on a regular basis where we feel the need to automate parts of the analysis process asRead More

CAPEv2 – Malware Configuration And Payload Extraction

CAPE is a malware sandbox. It was derived from Cuckoo with the goal of adding automated malware unpacking and config extraction – hence its name is an acronym: ‘Config And Payload Extraction’. Automated unpacking allows classification based on Yara signatures to complement network (Suricata) and behavior (API) signatures. There is a free community instance onlineRead More

DRAKVUF Sandbox – Automated Hypervisor-Level Malware Analysis System

DRAKVUF Sandbox is an automated black-box malware analysis system with DRAKVUF engine under the hood, which does not require an agent on guest OS. This project provides you with a friendly web interface that allows you to upload suspicious files to be analyzed. Once the sandboxing job is finished, you can explore the analysis resultRead More

Skrull – A Malware DRM, That Prevents Automatic Sample Submission By AV/EDR And Signature Scanning From Kernel

Skrull is a malware DRM, that prevents Automatic Sample Submission by AV/EDR and Signature Scanning from Kernel. It generates launchers that can run malware on the victim using the Process Ghosting technique. Also, launchers are totally anti-copy and naturally broken when got submitted. It’s a proof-of-concept of the talk of ROOTCON & HITCON 2021, checkRead More

PMAT-labs – Labs For Practical Malware Analysis And Triage

Welcome to the labs for Practical Malware Analysis & Triage. WARNING Read this carefully before proceeding. This repository contains live malware samples for use in the Practical Malware Analysis & Triage course (PMAT). These samples are either written to emulate common malware characteristics or are live, real world, “caught in the wild” samples. Both categoriesRead More

Jektor – A Windows User-Mode Shellcode Execution Tool That Demonstrates Various Techniques That Malware Uses

This utility focuses on shellcode injection techniques to demonstrate methods that malware may use to execute shellcode on a victim system Dynamically resolves API functions to evade IAT inclusion Includes usage of undocumented NT Windows API functions Supports local shellcode execution via CreateThread Supports remote shellcode execution via CreateRemoteThread Supports local shellcode injection via QueueUserAPCRead More

Qu1cksc0pe – All-in-One Static Malware Analysis Tool

This tool allows you to statically analyze Windows, Linux, OSX executables and APK files. You can get: What DLL files are used. Functions and APIs. Sections and segments. URLs, IP addresses and emails. Android permissions. File extensions and their names. And so on… Qu1cksc0pe aims to get even more information about suspicious files and helpsRead More