A collection of scripts to make a surface analysis of Roaming Mantis related malware families.
## Requirements

- Python 3.8+
- Poetry

## Installation

```bash
git clone https://github.com/ninoseki/roamingmantis
cd roamingmantis
poetry install
```
## fakespy

Features:

- Extract a hidden dex.
- Extract C2 destinations.
- Send a command to C2.

```
$ fakespy --help
Usage: fakespy [OPTIONS] COMMAND [ARGS]...

Options:
  --install-completion  Install completion for the current shell.
  --show-completion     Show completion for the current shell, to copy it or
                        customize the installation.
  --help                Show this message and exit.

Commands:
  analyze-apk
  send-command
```

Analyze an APK:

```bash
fakespy analyze-apk /path/to/apk
```
You can send the following commands:

- GetMessage
- GetMessage2 (sendSms)
- GetMoreMessage (sendAll)
- GetMoreConMessge (sendCon)

```bash
fakespy send-command GetMessage2 foo.bar.com
```
## moqhao

Features:

- Extract a hidden dex.
- Extract C2 destinations.
- Extract URLs of phishing websites.

```
$ moqhao --help
Usage: main.py [OPTIONS] PATH

Arguments:
  PATH  [required]

Options:
  --extract-dex / --no-extract-dex
                                  [default: True]
  --install-completion            Install completion for the current shell.
  --show-completion               Show completion for the current shell, to
                                  copy it or customize the installation.
  --help                          Show this message and exit.
```

Analyze an APK:

```bash
moqhao /path/to/apk
```