In this new article we will see how to install the compiled RAT on a virtual Android device. Of course, we can skip this step for Androrat APK Binder and install it directly on a tablet or a phone running the Android operating system. But as the saying goes, “experiments are done with soda”. Roughly speaking, we are going to set up a virtual environment in which to run different tests with this malware.
Emulators Running on a PC
There are, of course, different emulators on the market that run on a PC and allow us to install and run applications compiled for Android.
These can be free or “paid”, highlighting:
We opted for the Android SDK for several reasons. The main one is that the same software can emulate the different versions of the Android operating system without having to make many changes.
What we should do is go to the https://developer.android.com/sdk/index.html page and download the zip for our platform.
Once it is downloaded, we unzip it into a directory. We must first add packages to be able to emulate Android. Keep in mind that this tool is also designed to give developers a programming environment with libraries and utilities. In our case we will only install the minimum needed for emulation; the rest of the tools and programs are not necessary.
In the unzipped directory we run the program “SDK Manager.exe”, which opens the tool for installing SDK modules.
The minimum that we must install is:
Android SDK Tools
Android SDK platform-tools
Android SDK Build-tools
And, for each version to be emulated, the “SDK Platform” and the system image of type ARM, Intel x86 or MIPS
When we have finished choosing the modules, click on the “Install packages …” button. After installing them, we need to start the tool that manages the virtual machines. The easiest way to start this application is from the options bar at the top: under “Tools”, select “Manage AVDs …”.
This opens a new window with the virtual machine management tool.
To create a virtual machine press the “New” button, which opens a window like this:
We will have to choose or fill in a series of fields, such as the name of the virtual machine, the type of device we will emulate, the version of the Android operating system on which to install Androrat APK Binder, the amount of memory, etc.
Once you have filled in the fields, click on the “OK” or “Create AVD” button to create the new machine. After a while the new virtual machine will appear in the main window where we created it. To start it, select the virtual machine and click on the “Start” button. After a while we will get a screen similar to this one.
We must look at the number that appears in the upper left corner. This number (5554) is the port that will be used to send commands to the virtual machine via the console.
To see the programs, configurations, etc., click on the middle icon at the bottom, which is a circle with 6 squares inside. This takes us to a screen with the programs that are installed by default.
Now that the virtual machine is running, it is worth learning how to handle it: changing pages, running applications, and changing some of the options, such as keyboard, language, etc.
Virtual Machines Emulate
These virtual machines emulate a 3G or mobile connection to access the Internet. In fact, the emulator sends all traffic through that virtual connection, which forwards it to the computer where the emulator is installed, using the routes and addresses of that computer to reach the Internet. Therefore, in order to see the traffic that the virtual machine sends, we have several options.
Put a sniffer on the machine on which the virtual machine is installed, filtering the incoming and outgoing traffic of the virtual machine. This is the easiest way, but we would lose the option of modifying the HTTP/S calls of the programs under study.
Pass the traffic of the virtual machine through a proxy such as Burp Suite or OWASP Zed Attack Proxy Project.
We are going to change the proxy of the virtual machine so that it sends the data to this application, which will monitor it and allow us to study it later. To do that we must go to the screen of applications installed on the Android virtual machine. To reach that screen we can click on the button at the bottom center, which is a circle with 6 squares. A screen will appear in which we look for an icon labelled “Settings”. If it does not appear on that first screen, we will have to scroll through the following ones until the icon appears.
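For the first option (the sniffer), the following is an added example, not part of the original article: it reads a classic pcap capture and counts the packets the emulated device sent to each destination. It assumes an Ethernet capture taken on the emulator's virtual interface (for instance with the emulator's -tcpdump option) and the emulator's default guest address 10.0.2.15; the function names and the sample packets are constructed for illustration.

```python
import struct
from collections import Counter

GUEST_IP = "10.0.2.15"  # assumption: the emulator's default guest address

def parse_pcap(data):
    """Yield (src, dst, proto, sport, dport) per IPv4 TCP/UDP packet in a classic pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                   # truncated frame or not IPv4
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        if proto not in (6, 17) or len(ip) < ihl + 4:
            continue                   # only TCP and UDP carry ports
        src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        yield src, dst, "tcp" if proto == 6 else "udp", sport, dport

def outbound_summary(data, guest=GUEST_IP):
    """Count packets sent by the guest, grouped by (destination, protocol, port)."""
    return Counter((d, p, dp) for s, d, p, _, dp in parse_pcap(data) if s == guest)

def _frame(src, dst, proto, sport, dport):
    """Constructed sample frame: Ethernet + IPv4 + first 8 bytes of the L4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)

def sample_pcap():
    """Constructed capture; 203.0.113.10 is a documentation address, not a real host."""
    frames = [_frame(GUEST_IP, "10.0.2.3", 17, 40000, 53),
              _frame(GUEST_IP, "203.0.113.10", 6, 40001, 8080),
              _frame(GUEST_IP, "203.0.113.10", 6, 40001, 8080),
              _frame("203.0.113.10", GUEST_IP, 6, 8080, 40001)]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for (dst, proto, port), n in outbound_summary(sample_pcap()).most_common():
        print(f"{dst}:{port}/{proto}  {n} packet(s)")
```

If the capture is taken on the host's own network interface instead, the packets carry the host's address as source, so pass that address as `guest`.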