URL: https://otx.alienvault.com/pulse/66966fac237aaa1d4bc4fb61
Submission: On July 17 via api from NL — Scanned from NL

Subscribers (280009)
BEWARE OF BADPACK: ONE WEIRD TRICK BEING USED AGAINST ANDROID DEVICES

 * Created 23 hours ago by AlienVault
 * Public
 * TLP: White

The report examines the recent trend of BadPack Android malware, which utilizes
tampered headers to obstruct analysis tools. It explores the effectiveness of
various freely available utilities for analyzing BadPack Android Package Kit
(APK) files. The report dissects the structure of APK files and how malware
authors manipulate local and central directory headers to evade detection.
Additionally, it traces the Android codebase implementation responsible for the
discrepancy between analysis tools and the Android runtime regarding BadPack APK
extraction. The analysis provides insights into the manifestation of the BadPack
technique and its impact on popular Android reverse engineering tools.

Reference:
https://unit42.paloaltonetworks.com/apk-badpack-malware-tampered-headers/
Tags:
apk, BadPack, android
Malware Families:
BianLian, Cerberus, TeaBot
ATT&CK IDs:
T1059.007 - JavaScript, T1036.005 - Match Legitimate Name or Location,
T1543.003 - Windows Service, T1497.001 - System Checks, T1082 - System
Information Discovery, T1195 - Supply Chain Compromise, T1583.001 - Domains,
T1036.004 - Masquerade Task or Service, T1064 - Scripting, T1059.001 -
PowerShell, T1027 - Obfuscated Files or Information, T1195.002 - Compromise
Software Supply Chain, T1036.003 - Rename System Utilities, T1518.001 -
Security Software Discovery, T1564.003 - Hidden Window, T1059.006 - Python,
T1071.001 - Web Protocols, T1059.005 - Visual Basic, T1518 - Software
Discovery, T1574.002 - DLL Side-Loading

 * Indicators of Compromise (6)
Indicator types: FileHash-MD5 (1), FileHash-SHA256 (4), FileHash-SHA1 (1)
 * © Copyright 2024 LevelBlue, Inc.