MobSF Framework

 


Download link : https://mobsf.github.io/

GitHub : https://github.com/MobSF/Mobile-Security-Framework-MobSF

Setup

GitHub

Install the dependencies

sudo apt install python3-dev python3-venv python3-pip build-essential libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev zlib1g-dev wkhtmltopdf

Note : Change the network adapter to NAT during installation so that your REMnux machine can reach the internet.

sudo git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git 

cd Mobile-Security-Framework-MobSF 

sudo ./setup.sh

This should install all the dependencies on your system.

Now you can run

sudo ./run.sh 127.0.0.1:8000

This serves the MobSF web interface on localhost, port 8000.

Docker

docker pull opensecurity/mobile-security-framework-mobsf 

# Static Analysis Only 
docker run -it --rm -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest

Analysis

After opening the interface, we can transfer our malware sample to REMnux. Also switch the network adapter back to the custom network we were using.

Malware Sample : Malware.android.apk

Open the Browser interface of MobSF


After the sample is uploaded, MobSF scans it automatically.

Note : MobSF performs only static analysis when run in a virtual machine or Docker container.


Checking the malware permissions


We can see that the application requests many dangerous permissions.


We can also see that the APK was generated by Metasploit.

APK certificate and hashes.

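To cross-check the permissions and hashes shown in the MobSF report, the following added example (not part of the original post and not MobSF's own code) computes the file hashes and pulls permission strings straight out of the APK's binary manifest. The DANGEROUS set is a partial list chosen for illustration, and the sample APK is a constructed stand-in built in memory.

```python
import hashlib, io, re, zipfile

# Some permissions Android classifies as "dangerous" (not exhaustive).
DANGEROUS = {"READ_SMS", "SEND_SMS", "RECEIVE_SMS", "READ_CONTACTS",
             "READ_CALL_LOG", "CALL_PHONE", "RECORD_AUDIO", "CAMERA",
             "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION",
             "READ_PHONE_STATE", "WRITE_EXTERNAL_STORAGE"}
PREFIX = "android.permission."
# The binary manifest stores strings as UTF-8 or UTF-16LE; match both.
PERM_UTF8 = re.compile(re.escape(PREFIX.encode()) + rb"[A-Z0-9_]+")
PERM_UTF16 = re.compile(re.escape(PREFIX.encode("utf-16-le")) + rb"(?:[A-Z0-9_]\x00)+")

def apk_hashes(data):
    """MD5/SHA-1/SHA-256 of the whole file, to compare with the report."""
    return {h: hashlib.new(h, data).hexdigest() for h in ("md5", "sha1", "sha256")}

def manifest_permissions(manifest):
    """Permission names found in the raw bytes of AndroidManifest.xml."""
    found = {m.decode() for m in PERM_UTF8.findall(manifest)}
    found |= {m.decode("utf-16-le") for m in PERM_UTF16.findall(manifest)}
    return found

def triage(apk_bytes):
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = z.namelist()
        perms = manifest_permissions(z.read("AndroidManifest.xml"))
    # v1 (JAR) signature blocks live in META-INF; v2+ signatures do not.
    sigs = [n for n in names if n.startswith("META-INF/")
            and n.upper().endswith((".RSA", ".DSA", ".EC"))]
    return {"hashes": apk_hashes(apk_bytes),
            "signature_files": sorted(sigs),
            "permissions": sorted(perms),
            "dangerous": sorted(p for p in perms if p[len(PREFIX):] in DANGEROUS)}

def build_sample_apk():
    """Constructed stand-in, not a real APK: a ZIP whose manifest holds
    only length-prefixed UTF-16LE strings, as in an AXML string pool."""
    perms = [PREFIX + p for p in ("INTERNET", "READ_SMS", "RECORD_AUDIO")]
    manifest = b"".join(len(p).to_bytes(2, "little") + p.encode("utf-16-le")
                        + b"\x00\x00" for p in perms)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", manifest)
        z.writestr("META-INF/CERT.RSA", b"constructed")
    return buf.getvalue()

if __name__ == "__main__":
    for key, value in triage(build_sample_apk()).items():
        print(key, value)
```

To run it on a real sample, pass the file's bytes to triage() and compare the hashes and permission list with what the MobSF report shows.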
