Investigating Goldream Behaviour Through Dynamic Analysis

• Main Author: Halizah, Saad
• Format: Thesis
• Language: English; English
• Published: 2013
• Subjects: T Technology (General); TK Electrical engineering. Electronics Nuclear engineering
• Online Access: http://eprints.utem.edu.my/id/eprint/16199/; https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=90658

Smartphones have become more popular today and along with it Android Operating system also increasing rapidly. The Android OS is very popular because of their design where it is an open source design. So, it attracts people to use it because it is more convenient and easy. However, the openness of Android design also become it flaw because it not only attract Android user but also attacker for Android platform. Their openness design and it is easy to get their application have give advantages to attacker repackaged Android application and can upload the repackage application easily on Android market or any third party market. This brings to the increasing of android malware in the market. So, because of that reason it leads to the execution of this project where this project helps to understand how is the malware behavior and how its work especially about GoldDream malware. The method used to identify the malware behavior is by conducting a dynamic analysis technique. The behavior is being extract from the network traffic log and based on system call function. As conclusion, the behavior of GoldDream that can be identify from this research are the malware will create a database in user device which this database will log all the incoming and outgoing phone call plus with spying the incoming sms. Another behavior is it will upload the victim SIM, IMEI and IMSI information to their C&C server by embedded the information in HTTP URL.