Question 1

How to install Android Malware Sandbox on Ubuntu?

Accepted Answer

First, install Android Studio or the Android SDK to set up an AVD, then create a Python virtual environment, install dependencies with pip and npm, and configure the config.ini file with your emulator paths. The README provides step-by-step instructions for this setup.

Question 2

Android Malware Sandbox vs Cuckoo Sandbox for Android analysis?

Accepted Answer

Android Malware Sandbox is tailored for Android with built-in Frida hooks for anti-emulation bypass, making it quicker for dynamic analysis, while Cuckoo is a general-purpose sandbox that requires extensions for Android. Choose based on your need for Android-specific features versus a broader framework.

Question 3

How to add custom Frida hooks to monitor specific API calls?

Accepted Answer

Create a Python plugin in the plugin folder with functions like onload, onunload, parse, and get_frida_script, as specified in the README's hooking section. This allows you to define new scripts to intercept and log targeted API behaviors.

Question 4

Does Android Malware Sandbox support real Android devices?

Accepted Answer

No, it is designed to run analyses only in an Android Virtual Device or Docker container, not on physical devices. For real-device analysis, you would need to use other tools or modify the sandbox extensively.

Question 5

What malware families has this sandbox been tested on?

Accepted Answer

It has been tested on various families including apk.joker, apk.anubis, and apk.cerberus, among over 30 listed in the README's test section, covering a wide range of known Android threats for validation.

Question 6

How to generate and view reports after analysis?

Accepted Answer

After running an analysis, an HTML report is automatically generated, but for more details, you need to check the SQLite database or debug logs. The README notes that reporting is basic and requires improvement for better usability.

Android Malware Sandbox

What is Android Malware Sandbox?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions