Skill

analyzing-android-malware-with-apktool

Performs static analysis of Android APK malware using apktool, jadx, and androguard to detect permissions, manifest components, suspicious APIs, and network indicators.

Android

Python

Java

security

mobile

npx claudepluginhub mukul975/anthropic-cybersecurity-skills --plugin cybersecurity-skills

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Android malware distributed as APK files can be statically analyzed to extract permissions, activities, services, broadcast receivers, and suspicious API calls without executing the sample. This skill uses androguard for programmatic APK analysis, identifying dangerous permission combinations, obfuscated code patterns, dynamic code loading, reflection-based API calls, and network communication ...

Supporting Assets

LICENSEreferences/api-reference.mdscripts/agent.py

SKILL.md

Similar Skills

applying-brand-guidelines

41.6k

Applies Acme Corporation brand guidelines including colors, fonts, layouts, and messaging to generated PowerPoint, Excel, and PDF documents.

3 files

anthropics-claude-cookbooks

creating-financial-models

41.6k

Builds DCF models with sensitivity analysis, Monte Carlo simulations, and scenario planning for investment valuation and risk assessment.

2 files

anthropics-claude-cookbooks

analyzing-financial-statements

41.6k

Calculates profitability (ROE, margins), liquidity (current ratio), leverage, efficiency, and valuation (P/E, EV/EBITDA) ratios from financial statements in CSV, JSON, text, or Excel for investment analysis.

2 files

anthropics-claude-cookbooks

Stats

Stars5748

Forks783

Last CommitApr 6, 2026

Actions

View Source View Plugin View on GitHub View README

Analyzing Android Malware with Apktool

Overview

When to Use

When investigating security incidents that require analyzing android malware with apktool
When building detection rules or threat hunting queries for this domain
When SOC analysts need structured procedures for this analysis type
When validating security monitoring coverage for related attack techniques

Prerequisites

Python 3.9+ with androguard
apktool (for resource decompilation)
jadx (for Java source recovery, optional)
Isolated analysis environment (VM or sandbox)
Sample APK files for analysis

Steps

Parse APK with androguard to extract manifest metadata
Enumerate requested permissions and flag dangerous combinations
List activities, services, receivers, and providers from manifest
Scan for suspicious API calls (reflection, crypto, SMS, telephony)
Detect dynamic code loading patterns (DexClassLoader, Runtime.exec)
Extract hardcoded URLs, IPs, and C2 indicators from strings
Generate risk assessment report with MITRE ATT&CK mobile mappings

Expected Output

JSON report with permission analysis, component listing, suspicious API calls, network indicators, and risk score
Extracted strings and potential IOCs from the APK