ANALYSIS OF UAPUSH MALWARE INFECTION USING
STATIC AND BEHAVIOR METHODS ON ANDROID
FINAL PROJECT (UNDERGRADUATE THESIS)
Submitted as a requirement for the Bachelor's (Strata 1) degree
in Informatics Engineering, Universitas Muhammadiyah Malang
Prepared by:
MOHAMMAD KHAIRUL MASDUQI
201310370311202
DEPARTMENT OF INFORMATICS ENGINEERING
FACULTY OF ENGINEERING
UNIVERSITAS MUHAMMADIYAH MALANG
2017
PREFACE
Alhamdulillahirabbil'alamin, all praise be to Allah Subhanahu wa Ta'ala,
for the abundance of His grace, guidance and blessings, which enabled the author
to complete this final project as one of the requirements for completing
undergraduate (Strata 1) studies in Informatics Engineering at Universitas Muhammadiyah Malang.
Peace and blessings be upon the Messenger of Allah, Muhammad Shallallahu 'Alaihi
Wasallam, together with his family, companions and followers until the Day of
Judgment. May everything the author has done in connection with this thesis
also be counted as worship in the sight of Allah Subhanahu wa Ta'ala. Amin.
The author has devoted all of his ability to the preparation of this final
project. Nevertheless, the author is fully aware that perfection belongs
only to Allah SWT. As one of His creations, the author certainly has many
limitations. Therefore, the author always welcomes constructive suggestions and
criticism of every kind, so that this work may become better in the future.
Finally, the author sincerely hopes that this work will be useful in the future
for science, or at least be able to add to the knowledge of anyone who reads it.
Malang, July 2017
The Author
Mohammad Khairul Masduqi
TABLE OF CONTENTS
APPROVAL SHEET
ENDORSEMENT SHEET
STATEMENT OF ORIGINALITY
ABSTRAK (Indonesian abstract)
ABSTRACT
DEDICATION PAGE
PREFACE
TABLE OF CONTENTS
LIST OF TABLES
LIST OF FIGURES
LIST OF GRAPHS
CHAPTER I INTRODUCTION
1.1 Background
1.2 Problem Statement
1.3 Scope of the Problem
1.4 Research Objectives
1.5 Methodology
1.5.1 Literature Study
1.5.2 Field Study
1.5.3 Requirements Analysis
1.5.4 System Design
1.5.5 System Implementation
1.5.6 System Testing and Analysis
1.5.7 Report Writing
1.6 Structure of the Thesis
CHAPTER II THEORETICAL BACKGROUND
2.1 Related Research
2.1.1 Detecting Malware Threats to Security Using Static Analysis
2.1.2 Android Malware Detection by Combining Static Analysis and Dynamic Analysis
2.2 Malware
2.2.1 Types of Malware
2.3 Nokia Threat Intelligence Report – H1 2016
2.3.1 Top 20 High-Level Malware Infections
2.4 Volatile Memory
2.5 Static Analysis and Behavior Analysis of Malware
2.5.1 Behavior Analysis
2.5.2 Static Analysis
2.6 Digital Forensics
2.6.1 Components of Digital Forensics
2.6.2 Stages of Digital Forensics
2.6.2.1 Identification of Digital Evidence
2.6.2.2 Preservation of Digital Evidence
2.6.2.3 Analysis of Digital Evidence
2.6.2.4 Presentation
2.6.3 Digital Forensics Approaches
2.6.3.1 Advantages and Disadvantages of Post-Mortem Analysis
2.6.3.2 Advantages and Disadvantages of Live Response Analysis
2.6.4 Malware Forensics
2.7 Volatility
2.7.1 Volatile Memory
2.7.2 Non-Volatile Memory
2.7.3 Volatile Data
CHAPTER III SYSTEM ANALYSIS AND DESIGN
3.1 Analysis
3.1.1 Problem Analysis
3.1.2 Problem-Solving Analysis
3.2 System Architecture
3.2.1 Behavior Analysis Architecture Design
3.2.2 Static Analysis Architecture Design
3.2.3 Linux Host Architecture Design
3.3 Flowchart of the Malware Analysis Process
3.3.1 Behavior Analysis Flowchart
3.3.2 Static Analysis Flowchart
3.4 System Requirements Analysis
3.4.1 Hardware Requirements
3.4.2 Software Requirements
3.5 RAM Image Analysis
CHAPTER IV IMPLEMENTATION AND TESTING
4.1 Behavior Analysis Implementation
4.1.1 Configuring and Running the Android Mobile Device Emulator
4.1.2 Configuring and Running LiME and Volatile Memory Extraction
4.1.3 Running the Goldfish Kernel
4.1.4 Running LiME and Volatility for the Goldfish Kernel
4.1.5 RAM Image Analysis
4.1.5.1 Uapush RAM Image Analysis on Android Jelly Bean
4.1.5.2 Uapush RAM Image Analysis on Android KitKat
4.1.5.3 Uapush RAM Image Analysis on Android Lollipop
4.1.6 Comparison of Analysis Results
4.1.5.1 Comparison of Uapush Characteristics on Android KitKat and Android Lollipop
4.2 Static Analysis Implementation
4.2.1 Analysis Process
CHAPTER V CONCLUSION
5.1 CONCLUSION
5.2 SUGGESTIONS
BIBLIOGRAPHY
LIST OF TABLES
Table 4.1 Uapush RAM Image Analysis on Android Jelly Bean
Table 4.2 Network Analysis of the Uapush RAM Image on Android Jelly Bean
Table 4.3 Data Theft Analysis of the RAM Image on Android Jelly Bean
Table 4.4 Open Files Analysis of the Uapush RAM Image on Android Jelly Bean
Table 4.5 PE Injection Analysis of the Uapush RAM Image on Android Jelly Bean
Table 4.6 Uapush RAM Image Analysis on Android KitKat
Table 4.7 Network Analysis of the Uapush RAM Image on Android KitKat
Table 4.8 Data Theft Analysis of the RAM Image on Android KitKat
Table 4.9 Open Files Analysis of the Uapush RAM Image on Android KitKat
Table 4.10 PE Injection Analysis of the Uapush RAM Image on Android KitKat
Table 4.11 Uapush RAM Image Analysis on Android Lollipop
Table 4.12 Network Analysis of the Uapush RAM Image on Android Lollipop
Table 4.13 Data Theft Analysis of the RAM Image on Android Lollipop
Table 4.14 Open Files Analysis of the Uapush RAM Image on Android Lollipop
Table 4.15 PE Injection Analysis of the Uapush RAM Image on Android Lollipop
LIST OF FIGURES
Figure 1.1 Increase in Global Market Share
Figure 1.2 General Design of the Analysis Scheme
Figure 2.1 Top 20 Malware Infections (“Nokia Threat Intelligence Report – H1 2016”)
Figure 2.2 Uapush.a (“Nokia Threat Intelligence Report – H1 2016”)
Figure 2.3 Components of Digital Forensics
Figure 2.4 Digital Forensics Diagram
Figure 3.1 General System Architecture
Figure 3.2 Behavior Analysis Architecture
Figure 3.3 Static Analysis Architecture
Figure 3.4 Linux Host Architecture
Figure 3.5 Behavior Analysis Flowchart
Figure 3.6 Static Analysis Flowchart
Figures 3.7 and 3.8 Forensic Applications
Figure 4.1 Viewing the Android Virtual Device (AVD) Version
Figure 4.2 AVD: Compiling the Goldfish Kernel
Figure 4.3 Kernel Configuration: Enable Loadable Module Support
Figure 4.4 Kernel Configuration: Module Unloading
Figure 4.5 Compiling the Goldfish Kernel
Figure 4.6 LiME Makefile Source Code
Figure 4.7 Volatility Makefile Source Code
Figure 4.8 Compiling LiME and Creating the Volatility Profile
Figure 4.9 LiME TCP Transfer
Figure 4.10 Starting Volatility
Figure 4.11 Whois Lookup of the Malware C&C Server
Figure 4.12 Whois Lookup of the Malware C&C Server
Figure 4.13 Whois Lookup of the Malware C&C Server
Figure 4.14 Permission Details of the RealCalc.apk File
Figure 4.15 Command for Viewing the IMEI and IMSI
Figure 4.16 Transmission of the IMEI and IMSI
Figure 4.17 C&C IP and Port Script
LIST OF GRAPHS
Graph 4.1 Comparison of Uapush Malicious Processes