
Page 1: ANALISIS INFEKSI MALWARE JENIS UAPUSH …eprints.umm.ac.id/36113/1/jiptummpp-gdl-mohammadkh-48823-1-pendahul-n.pdf · ANALISIS INFEKSI MALWARE JENIS UAPUSH MENGGUNAKAN METODE STATIC

ANALYSIS OF UAPUSH MALWARE INFECTION USING

STATIC AND BEHAVIOR METHODS ON ANDROID

FINAL PROJECT (UNDERGRADUATE THESIS)

Submitted as a requirement for the Bachelor's (S1) degree in

Informatics Engineering, Universitas Muhammadiyah Malang

Prepared by:

MOHAMMAD KHAIRUL MASDUQI

201310370311202

DEPARTMENT OF INFORMATICS ENGINEERING

FACULTY OF ENGINEERING

UNIVERSITAS MUHAMMADIYAH MALANG

2017


PREFACE

Alhamdulillahirabbil'alamin, all praise be to Allah Subhanahu wa Ta'ala, for all His abundant mercy, guidance and grace, through which the author was able to complete this final project as one of the requirements for completing undergraduate (S1) studies in Informatics Engineering at Universitas Muhammadiyah Malang. Peace and blessings be upon the Messenger of Allah, Muhammad Shallallahu 'Alaihi Wasallam, together with his family, companions and followers until the Last Day. May everything the author has done in connection with this thesis also count as worship in the sight of Allah Subhanahu wa Ta'ala. Amen.

The author has devoted all of his ability to the preparation of this final project. Nevertheless, the author is fully aware that perfection belongs only to Allah SWT. As one of His creations, the author certainly has many limitations. Therefore, the author always welcomes constructive suggestions and criticism of every kind, so that in the future this work may become better. In closing, the author sincerely hopes that this work will be of benefit in the future to science, or at least be able to add insight for anyone who reads it.

Malang, July 2017

The Author

Mohammad Khairul Masduqi


TABLE OF CONTENTS

APPROVAL SHEET ........ ii

ENDORSEMENT SHEET ........ iii

STATEMENT OF ORIGINALITY ........ iv

ABSTRACT (in Indonesian) ........ v

ABSTRACT (in English) ........ vi

DEDICATION SHEET ........ vii

PREFACE ........ viii

TABLE OF CONTENTS ........ ix

LIST OF TABLES ........ xii

LIST OF FIGURES ........ xiii

LIST OF GRAPHS ........ xiv

CHAPTER I INTRODUCTION ........ 1

1.1 Background ........ 1

1.2 Problem Statement ........ 3

1.3 Scope and Limitations ........ 3

1.4 Research Objectives ........ 4

1.5 Methodology ........ 4

1.5.1 Literature Study ........ 4

1.5.2 Field Study ........ 4

1.5.3 Requirements Analysis ........ 4

1.5.4 System Design ........ 4

1.5.5 System Implementation ........ 6

1.5.6 System Testing and Analysis ........ 6

1.5.7 Report Writing ........ 6

1.6 Writing Structure ........ 7

CHAPTER II THEORETICAL BASIS ........ 8

2.1 Related Research Results ........ 8

2.1.1 Detecting malware threats to security using static analysis ........ 8

2.1.2 Android malware detection combining static analysis and dynamic analysis ........ 8

2.2 Malware ........ 9

2.2.1 Types of Malware ........ 9

2.3 Nokia Threat Intelligence Report – H1 2016 ........ 11

2.3.1 Top 20 High Level Malware Infections ........ 12

2.4 Volatile Memory ........ 13

2.5 Static Analysis and Behavior Analysis of Malware ........ 14

2.5.1 Behavior Analysis ........ 14

2.5.2 Static Analysis ........ 15

2.6 Digital Forensics ........ 15

2.6.1 Components of Digital Forensics ........ 16

2.6.2 Stages of Digital Forensics ........ 17

2.6.2.1 Identification of digital evidence ........ 18

2.6.2.2 Preservation of digital evidence ........ 18

2.6.2.3 Analysis of digital evidence ........ 18

2.6.2.4 Presentation ........ 19

2.6.3 Digital Forensics Approaches ........ 19

2.6.3.1 Advantages and disadvantages of post-mortem analysis ........ 19

2.6.3.2 Advantages and disadvantages of live response analysis ........ 19

2.6.4 Malware Forensics ........ 20

2.7 Volatility ........ 20

2.7.1 Volatile Memory ........ 20

2.7.2 Non-Volatile Memory ........ 20

2.7.3 Volatile Data ........ 21

CHAPTER III SYSTEM ANALYSIS AND DESIGN ........ 23

3.1 Analysis ........ 23

3.1.1 Problem Analysis ........ 23

3.1.2 Problem-Solving Analysis ........ 23

3.2 System Architecture ........ 25

3.2.1 Behavior Analysis Architecture Design ........ 26

3.2.2 Static Analysis Architecture Design ........ 27

3.2.3 Linux Host Architecture Design ........ 28

3.3 Flowchart of the malware analysis process ........ 23

3.3.1 Behavior Analysis Flowchart ........ 29

3.3.2 Static Analysis Flowchart ........ 30

3.4 System Requirements Analysis ........ 31

3.4.1 Hardware Requirements ........ 32

3.4.2 Software Requirements ........ 32

3.5 RAM Image Analysis ........ 35

CHAPTER IV IMPLEMENTATION AND TESTING ........ 36

4.1 Behavior Analysis Implementation ........ 36

4.1.1 Configuring and running the Android Mobile Device Emulator ........ 36

4.1.2 Configuring and running LiME and volatile memory extraction ........ 37

4.1.3 Running the Goldfish kernel ........ 38

4.1.4 Running LiME and Volatility for the Goldfish kernel ........ 41

4.1.5 RAM Image Analysis ........ 43

4.1.5.1 Uapush RAM image analysis on Android Jelly Bean ........ 44

4.1.5.2 Uapush RAM image analysis on Android KitKat ........ 46

4.1.5.3 Uapush RAM image analysis on Android Lollipop ........ 49

4.1.6 Comparison of Analysis Results ........ 52

4.1.5.1 Comparison of Uapush characteristics on Android KitKat and Android Lollipop ........ 52

4.2 Static Analysis Implementation ........ 53

4.2.1 Analysis Process ........ 53

CHAPTER V CONCLUSION ........ 56

5.1 CONCLUSION ........ 56

5.2 SUGGESTIONS ........ 56

BIBLIOGRAPHY ........ 58


LIST OF TABLES

Table 4.1 Uapush RAM Image Analysis on Android Jelly Bean ........ 44

Table 4.2 Network Analysis of the Uapush RAM Image on Android Jelly Bean ........ 44

Table 4.3 Data Theft Analysis of the RAM Image on Android Jelly Bean ........ 45

Table 4.4 Open Files Analysis of the Uapush RAM Image on Android Jelly Bean ........ 46

Table 4.5 PE Injected Analysis of the Uapush RAM Image on Android Jelly Bean ........ 46

Table 4.6 Uapush RAM Image Analysis on Android KitKat ........ 47

Table 4.7 Network Analysis of the Uapush RAM Image on Android KitKat ........ 47

Table 4.8 Data Theft Analysis of the RAM Image on Android KitKat ........ 48

Table 4.9 Open Files Analysis of the Uapush RAM Image on Android KitKat ........ 48

Table 4.10 PE Injected Analysis of the Uapush RAM Image on Android KitKat ........ 49

Table 4.11 Uapush RAM Image Analysis on Android Lollipop ........ 49

Table 4.12 Network Analysis of the Uapush RAM Image on Android Lollipop ........ 49

Table 4.13 Data Theft Analysis of the RAM Image on Android Lollipop ........ 51

Table 4.14 Open Files Analysis of the Uapush RAM Image on Android Lollipop ........ 51

Table 4.15 PE Injected Analysis of the Uapush RAM Image on Android Lollipop ........ 52


LIST OF FIGURES

Figure 1.1 Growth in Global Market Share ........ 1

Figure 1.2 General Design of the Analysis Scheme ........ 5

Figure 2.1 Top 20 malware infections ("Nokia Threat Intelligence Report – H1 2016") ........ 12

Figure 2.2 Uapush.a ("Nokia Threat Intelligence Report – H1 2016") ........ 13

Figure 2.3 Components of Digital Forensics ........ 16

Figure 2.4 Digital Forensics Diagram ........ 17

Figure 3.1 General System Architecture ........ 25

Figure 3.2 Behavior Analysis Architecture ........ 26

Figure 3.3 Static Analysis Architecture ........ 27

Figure 3.4 Linux Host Architecture ........ 28

Figure 3.5 Behavior Analysis Flowchart ........ 29

Figure 3.6 Static Analysis Flowchart ........ 30

Figure 3.7, Figure 3.8 Forensic Applications ........ 35

Figure 4.1 Viewing the Android Virtual Device (AVD) Version ........ 38

Figure 4.2 AVD: Compile Goldfish Kernel ........ 39

Figure 4.3 Kernel Configuration: Enable Loadable Module ........ 39

Figure 4.4 Kernel Configuration: Module Unloading ........ 40

Figure 4.5 Compile Goldfish Kernel ........ 40

Figure 4.6 LiME Makefile Source Code ........ 41

Figure 4.7 Volatility Makefile Source Code ........ 42

Figure 4.8 Compile LiME and Create the Volatility Profile ........ 42

Figure 4.9 LiME TCP Transfer ........ 42

Figure 4.10 Start Volatility ........ 43

Figure 4.11 Whois of the malware C&C server ........ 45

Figure 4.12 Whois of the malware C&C server ........ 47

Figure 4.13 Whois of the malware C&C server ........ 50

Figure 4.14 Permission details of the file RealCalc.apk ........ 54

Figure 4.15 Command to View IMEI and IMSI ........ 54

Figure 4.16 Sending of IMEI and IMSI ........ 55

Figure 4.17 C&C IP and Port Script ........ 55


LIST OF GRAPHS

Graph 4.1 Comparison of Uapush malicious processes ........ 52

