In this lab, you will step into the role of a digital forensic investigator tasked with uncovering the details of a significant data breach at BrightWave Company. The incident was triggered by an employee’s poor security practices, which allowed an attacker to infiltrate the organization and exfiltrate sensitive data. The investigation revealed that the compromised employee had a habit of storing credentials in a notes app on his phone and frequently downloading APK files from untrusted sources, raising concerns about malware involvement.
Your mission is to analyze an Android device dump and uncover evidence of malicious activity. Using tools such as ALEAPP, JADx, and CyberChef, you will examine the malicious APK the employee downloaded, identify its exact functionality, and determine how it compromised the device. Along the way you will examine the tactics it used, including credential access, data collection, execution, and exfiltration, and gain insight into the attacker's methods.
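The first step of the JADx work described above is usually a triage of the decompiled AndroidManifest.xml: the declared permissions and components tell you which of the listed tactics the APK is even capable of before you read a line of Java. The following script is an added example written for this walkthrough, not code from the lab or its authors. The manifest it parses is constructed for illustration (the package name `com.example.notesync` and its components are placeholders, not the lab's sample), and the permission-to-tactic mapping in `PERMISSION_TACTICS` is an assumed analyst heuristic, not an official taxonomy.

```python
"""Triage a decompiled AndroidManifest.xml (as JADx writes it) and map what it
declares onto the tactics named in the lab: credential access, data collection,
execution, exfiltration.  Added example; manifest and mapping are constructed."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Assumed analyst heuristic (not from the lab): which permission hints at which tactic.
PERMISSION_TACTICS = {
    "android.permission.READ_SMS": "credential access",        # OTP / 2FA codes
    "android.permission.RECEIVE_SMS": "credential access",
    "android.permission.READ_CONTACTS": "data collection",
    "android.permission.READ_CALL_LOG": "data collection",
    "android.permission.READ_EXTERNAL_STORAGE": "data collection",
    "android.permission.RECORD_AUDIO": "data collection",
    "android.permission.ACCESS_FINE_LOCATION": "data collection",
    "android.permission.INTERNET": "exfiltration",             # needed to send anything out
    "android.permission.RECEIVE_BOOT_COMPLETED": "execution",  # restart after reboot
    "android.permission.REQUEST_INSTALL_PACKAGES": "execution",
}

# Constructed sample manifest; package name and component names are placeholders.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notesync">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Notes Sync">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <receiver android:name=".BootReceiver" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <service android:name=".Accessibility"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""


def parse_manifest(xml_text: str) -> dict:
    """Extract permissions, exported components, and two high-value indicators:
    a BOOT_COMPLETED receiver and an accessibility service."""
    root = ET.fromstring(xml_text)
    name = f"{{{ANDROID_NS}}}name"
    perm_attr = f"{{{ANDROID_NS}}}permission"
    exported_attr = f"{{{ANDROID_NS}}}exported"
    findings = {
        "package": root.get("package"),
        "permissions": sorted(e.get(name) for e in root.iter("uses-permission") if e.get(name)),
        "boot_receiver": False,
        "accessibility_service": False,
        "exported_components": [],
    }
    for tag in ("activity", "receiver", "service", "provider"):
        for comp in root.iter(tag):
            if comp.get(exported_attr) == "true":
                findings["exported_components"].append(f"{tag}:{comp.get(name)}")
            actions = {a.get(name) for a in comp.iter("action")}
            if tag == "receiver" and "android.intent.action.BOOT_COMPLETED" in actions:
                findings["boot_receiver"] = True
            if tag == "service" and comp.get(perm_attr) == "android.permission.BIND_ACCESSIBILITY_SERVICE":
                findings["accessibility_service"] = True
    return findings


def map_tactics(findings: dict) -> dict:
    """Group the manifest evidence under the lab's tactic names."""
    tactics: dict = {}

    def add(tactic: str, evidence: str) -> None:
        tactics.setdefault(tactic, []).append(evidence)

    for perm in findings["permissions"]:
        tactic = PERMISSION_TACTICS.get(perm)
        if tactic:
            add(tactic, f"uses-permission {perm}")
    if findings["boot_receiver"]:
        add("execution", "receiver handles BOOT_COMPLETED (runs without user action)")
    if findings["accessibility_service"]:
        add("credential access", "accessibility service can read on-screen text and typed input")
    return tactics


if __name__ == "__main__":
    result = parse_manifest(SAMPLE_MANIFEST)
    print(f"package: {result['package']}")
    print(f"exported: {result['exported_components']}")
    for tactic, evidence in sorted(map_tactics(result).items()):
        print(f"{tactic}:")
        for line in evidence:
            print(f"  - {line}")
```

Run it against the manifest JADx writes under `resources/` for the lab APK (the `SAMPLE_MANIFEST` string here is only a stand-in). A manifest is declarative, so this is a capability map, not proof: the permissions tell you what to look for in the decompiled sources, and the exported components tell you which entry points an attacker or another app can reach. Confirm each tactic by reading the code behind it before writing it into a report.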
This walkthrough will guide you through dissecting the malware, analyzing its behavior, and revealing how it facilitated the breach, while reinforcing critical skills in endpoint intelligence and mobile forensics.