Date: 07/18/2024
Severity: High
Summary
This article explores recent BadPack Android malware samples and how their altered headers hinder malware analysis. We also evaluate the effectiveness of free tools for analyzing BadPack APK files. Part of the rise in malicious Android apps comes from APK samples that are maliciously packaged as BadPack files.
Indicators of Compromise (IOC) List
Hash (SHA-256):
0003445778b525bcb9d86b1651af6760da7a8f54a1d001c355a5d3ad915c94cb
015bd2e799049f5e474b80cbbdcd592ce4e2dfbfae183bada86a9b6ec103e25e
131135a7c911bd45db8801ca336fc051246280c90ae5dafc33e68499d8514761
90c41e52f5ac57b8bd056313063acadc753d44fb97c45c2dc58d4972fe9f9f21
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Hash (SHA-256):
sha256hash IN ("131135a7c911bd45db8801ca336fc051246280c90ae5dafc33e68499d8514761","0003445778b525bcb9d86b1651af6760da7a8f54a1d001c355a5d3ad915c94cb","90c41e52f5ac57b8bd056313063acadc753d44fb97c45c2dc58d4972fe9f9f21","015bd2e799049f5e474b80cbbdcd592ce4e2dfbfae183bada86a9b6ec103e25e")
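The hash query above only catches the four samples listed; the summary's point about altered headers suggests a second, structural check, and the script below (an added example, not code from this bulletin or from Unit 42) combines both: it matches a file's SHA-256 against the IoC list and flags APK entries whose ZIP local file header disagrees with the central directory. Which fields to compare (compression method and the two sizes) is this example's assumption about how such tampering shows up, and the archive it builds is a constructed stand-in, not a real APK.

```python
import hashlib
import io
import struct
import zipfile

# SHA-256 values from the IoC list in this bulletin.
BADPACK_SHA256 = {
    "0003445778b525bcb9d86b1651af6760da7a8f54a1d001c355a5d3ad915c94cb",
    "015bd2e799049f5e474b80cbbdcd592ce4e2dfbfae183bada86a9b6ec103e25e",
    "131135a7c911bd45db8801ca336fc051246280c90ae5dafc33e68499d8514761",
    "90c41e52f5ac57b8bd056313063acadc753d44fb97c45c2dc58d4972fe9f9f21",
}
LOCAL_HEADER = struct.Struct("<4sHHHHHIIIHH")  # 30-byte ZIP local file header

def header_mismatches(apk):
    """Compare each central-directory record with its local file header; a
    disagreement is a structural sign of tampering: (entry, field, central, local)."""
    found = []
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        for info in zf.infolist():
            sig, _, flags, method, _, _, _, csize, usize, _, _ = \
                LOCAL_HEADER.unpack_from(apk, info.header_offset)
            if sig != b"PK\x03\x04":
                found.append((info.filename, "signature", b"PK\x03\x04", sig))
                continue
            checks = [("compress_type", info.compress_type, method)]
            if not flags & 0x08:  # bit 3 set: sizes live in a data descriptor
                checks += [("compress_size", info.compress_size, csize),
                           ("file_size", info.file_size, usize)]
            found += [(info.filename, f, c, l) for f, c, l in checks if c != l]
    return found

def classify(apk):
    """Known-hash match against the bulletin's IoCs plus the structural check."""
    digest = hashlib.sha256(apk).hexdigest()
    return {"sha256": digest, "known_ioc": digest in BADPACK_SHA256,
            "header_mismatches": header_mismatches(apk)}

def build_sample(tamper=False):
    """Constructed two-entry archive, not a real APK. tamper=True rewrites the local
    header of classes.dex (first entry, offset 0) to 'stored' with zero sizes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", b"dex\n035\0" + bytes(200))
        zf.writestr("AndroidManifest.xml", b"<manifest/>" * 20)
    data = bytearray(buf.getvalue())
    if tamper:
        struct.pack_into("<H", data, 8, zipfile.ZIP_STORED)  # compression method
        struct.pack_into("<II", data, 18, 0, 0)              # csize, usize
    return bytes(data)
```

Run `classify(open(path, "rb").read())` on a real file; an empty `header_mismatches` list and `known_ioc` of False together mean neither check fired.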
Reference:
https://unit42.paloaltonetworks.com/apk-badpack-malware-tampered-headers/