Analysis of an Android application that proxies requests and sends specific accessed URLs to remote advertising servers.
** Find me at **
Twitter/X - https://twitter.com/CyberRaiju
Blog - https://www.jaiminton.com/
Mastodon - https://infosec.exchange/@CyberRaiju
** Timestamps **
00:00 - Finding an APK sample
00:23 - Checking VirusTotal
00:35 - Decompiling with JADX
00:59 - Understanding the Android Manifest
06:30 - Applications targeted
07:43 - Finding reflectively loaded application
08:49 - XOR decryption using VSCode
10:20 - Analysing reflectively loaded application
12:12 - Locating a masqueraded domain
13:55 - Britney Spears user agent indicator
16:01 - Build class information
17:01 - Hypothesis based on analysis
Sample:
https://bazaar.abuse.ch/sample/ff39849f7480c69dce1d2627a132561b09550670dae6455d6fbef04c026e3aac/
Credits:
SFX by Pixabay
Songs by TELL YOUR STORY music by ikson™
Link: https://ikson.com/tell-your-story