Inside KangaPack: the Kangaroo packer with native decryption
Malware Analysis, News and Indicators - Latest topics malware.news
In this blog post, we unpack a malicious sample (sha256: 2c05efa757744cb01346fe6b39e9ef8ea2582d27481a441eb885c5c4dcd2b65b). The core decryption of the payload is implemented at the native level. I named the packer KangaPack (you’ll understand why when reading this article); it also goes under the name Packed.57103, and I am unaware of any other name.
Teaser: from decompiled code, we’ll see exactly how the packer decrypts the payload; we’ll use the JEB decompiler to decompile an ARM library; we’ll use ImHex with a DEX pattern …