Android.Packed
Android.Packed.57146 is a Doctor Web detection name for an Android packer/obfuscator used to protect applications, including malicious ones, from detection and analysis. The provided content describes it as an obfuscator used to shield malware and notes that malicious apps containing this packer were among the most commonly detected on protected devices. It is explicitly associated with malicious Android applications and has been observed protecting some versions of the Android.SpyMax banking trojan. The content does not attribute the packer to a specific threat actor, infection vector, industry focus, or platform beyond Android, and does not provide specific indicators of compromise beyond the detection name itself.
Hunt this family in your stack
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
Recent activity
3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Commercial/third-party packer/obfuscator used to protect Android apps (including malware) from detection and analysis.
Commercial packer/obfuscation used to protect Android apps (including malware) from detection and analysis.
Obfuscator/packer used to protect applications (including malware) from analysis/detection; referenced as used with some Android.SpyMax banking trojan versions.
The version that knows your environment.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.