Analysis of the Kwetza Malware Using the Reverse Engineering Method

Khusnul, Fauziah (2024) Analysis of the Kwetza Malware Using the Reverse Engineering Method. Undergraduate thesis, Institut Teknologi Telkom Purwokerto.

Abstract

The increase in malware attacks is very troubling for Android users, because users may download Android applications that are infected with malware. The impact of downloading such an application is theft of sensitive data or access to personal data. One method that attackers commonly use is to insert a backdoor into the application. This research aims to determine the behavior of the Kwetza malware after it is installed on an Android device and to analyze code changes in the application before and after it is infiltrated by the Kwetza malware. The analysis is carried out both manually and automatically with MobSF to determine changes or additions to code in applications that have been infiltrated by malware, and the two sets of analysis results are then compared. The attack was carried out by creating a backdoor using Kwetza. The method used in this research is reverse engineering, which uses statistical analysis aimed at uncovering, reading and finding code that is suspected to be malware. The results obtained in this research were the addition of three permissions, namely WRITE_SETTINGS, READ_CALL_LOG, and ACCESS_COARSE_LOCATION, which were detected both manually and automatically. The manual analysis found two new classes, namely AssistActivity and AssistActivity1 in the class4.dex folder; the code in these classes is used to carry out remote communication with the device, including reading and writing files, TCP network connections, and downloading and running dynamic classes at runtime. Although MobSF detects code changes and additions, it cannot detect the AssistActivity and AssistActivity1 classes, which contain the malware.

Keywords: Malware, Kwetza, Backdoor, Reverse Engineering.

Item Type: Thesis (Undergraduate Thesis)
Subjects: T Technology > T Technology (General)
Divisions: Faculty of Informatics > Informatics Engineering
Depositing User: pustakawan ittp
Date Deposited: 03 Sep 2024 03:55
Last Modified: 03 Sep 2024 03:55
URI: http://repository.ittelkom-pwt.ac.id/id/eprint/11161