nimnas / droidbox

Automatically exported from code.google.com/p/droidbox

Problem with collecting log of a malware #63

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Create an avd 4.1.2
2. ./startemu.sh droidbox_4.1.2
3. ./droidbox.sh /home/mobisec/Desktop/Malware_Sample/ScarePackage/com.android.locker.apk

What is the expected output? What do you see instead?

What I expect is to see the malware's log in JSON format.
What I see is "Failed to execute the application."

What version of the product are you using? On what operating system?

mobisec@evil:~/Desktop/Android/DroidBox_4.1.1$ uname -an
Linux evil 3.2.0-72-generic #107-Ubuntu SMP Thu Nov 6 14:24:56 UTC 2014 i686 i686 i386 GNU/Linux
Android 12.04 LTS guest VM on Virtualbox 4.3.20, installed on Win 7 64bit.

Please provide any additional information below.

The problem occurs only with this malware, "ScarePackage" (com.android.locker.apk), which can be downloaded from here:
http://contagiominidump.blogspot.it/2014/07/android-scarepackage-ransomware.html

Other malware runs fine. When I try to install it with droidbox it says that the execution has failed, but I can find the malware app installed on the Android AVD, and if I run the app from the AVD there is no problem and it runs fine.
I've tried even with Android 4.0.3 but the result is the same.
I've done a logcat of the operations that droidbox does when I try to install the malware; you can see it here:

http://pastebin.com/wn50gSpZ

Other info and log:

mobisec@evil:~$ android list avd
Available Android Virtual Devices:
    Name: droidbox
    Path: /home/mobisec/.android/avd/droidbox.avd
  Target: Android 4.0.3 (API level 15)
 Tag/ABI: default/armeabi-v7a
    Skin: WVGA800
  Sdcard: 64M
---------
    Name: droidbox_4.1.2
    Path: /home/mobisec/.android/avd/droidbox_4.1.2.avd
  Target: Android 4.1.2 (API level 16)
 Tag/ABI: default/armeabi-v7a
    Skin: WVGA800
  Sdcard: 64M
mobisec@evil:~$ 

mobisec@evil:~/Desktop/Android/DroidBox_4.1.1$ ./startemu.sh droidbox_4.1.2
mobisec@evil:~/Desktop/Android/DroidBox_4.1.1$ ./droidbox.sh /home/mobisec/Desktop/Malware_Sample/ScarePackage/com.android.locker.apk

 ____                        __  ____
/\  _`\               __    /\ \/\  _`\
\ \ \/\ \  _ __  ___ /\_\   \_\ \ \ \L\ \   ___   __  _
 \ \ \ \ \/\`'__\ __`\/\ \  /'_` \ \  _ <' / __`\/\ \/'\
  \ \ \_\ \ \ \/\ \L\ \ \ \/\ \L\ \ \ \L\ \ \L\ \/>  </
   \ \____/\ \_\ \____/\ \_\ \___,_\ \____/ \____//\_/\_\
    \/___/  \/_/\/___/  \/_/\/__,_ /\/___/ \/___/ \//\/_/
Waiting for the device...
Installing the application /home/mobisec/Desktop/Malware_Sample/ScarePackage/com.android.locker.apk...
Running the component com.android.locker/com.android.locker.MainActivity$mainActivity...
Failed to execute the application.
mobisec@evil:~/Desktop/Android/DroidBox_4.1.1$ 

Original issue reported on code.google.com by sensor.e...@gmail.com on 4 Jan 2015 at 10:16
