Overview

overview

10

Static

static

7

9506de4034...0c.apk

android-9-x86

10

9506de4034...0c.apk

android-10-x64

10

9506de4034...0c.apk

android-11-x64

10

AlphaPresentForms.js

windows7-x64

1

AlphaPresentForms.js

windows10-2004-x64

1

BasicLatin.js

windows7-x64

1

BasicLatin.js

windows10-2004-x64

1

BoxDrawing.js

windows7-x64

1

BoxDrawing.js

windows10-2004-x64

1

CombDiactF...ols.js

windows7-x64

1

CombDiactF...ols.js

windows10-2004-x64

1

ControlPictures.js

windows7-x64

1

ControlPictures.js

windows10-2004-x64

1

CurrencySymbols.js

windows7-x64

1

CurrencySymbols.js

windows10-2004-x64

1

Cyrillic.js

windows7-x64

1

Cyrillic.js

windows10-2004-x64

1

EnclosedAlphanum.js

windows7-x64

1

EnclosedAlphanum.js

windows10-2004-x64

1

GeneralPunctuation.js

windows7-x64

1

GeneralPunctuation.js

windows10-2004-x64

1

GreekAndCoptic.js

windows7-x64

1

GreekAndCoptic.js

windows10-2004-x64

1

GreekBoldItalic.js

windows7-x64

1

GreekBoldItalic.js

windows10-2004-x64

1

GreekSSBoldItalic.js

windows7-x64

1

GreekSSBoldItalic.js

windows10-2004-x64

1

IPAExtensions.js

windows7-x64

1

IPAExtensions.js

windows10-2004-x64

1

Latin1Supplement.js

windows7-x64

1

Latin1Supplement.js

windows10-2004-x64

1

LatinExtendedA.js

windows7-x64

1

Analysis

  • max time kernel
    3055274s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20231023-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
  • submitted
    09/11/2023, 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9506de40344618d471730d70077d7f12e18b174fa52d7f6a32c040be6c9f800c.apk

  • Size

    3.5MB

  • MD5

    f611da9e2d55f8b99049a0668852d107

  • SHA1

    433138f65255081d1bb07a7eb4580f0392019a97

  • SHA256

    9506de40344618d471730d70077d7f12e18b174fa52d7f6a32c040be6c9f800c

  • SHA512

    fb457cda4516ae3538b3fdb16f26528b1dd21c69c8fe7025fdc7a0c136d1d3a66f8bbcd52bf232504fa62bad9e2a06539ff0ca2af2935890bd0f098baf24195b

  • SSDEEP

    49152:xQgy7OOnkWRJzGQ/dgLMLTPJ8PenfNOptT/ez8WwVsV+TFIff0zObe:xQgyiwpRZ/SGiONOPo8W6EfSObe

Score
10/10
chameleonbankerevasioninfostealerransomwaretrojan

Malware Config

Signatures

  • Chameleon

    Chameleon is an Android banking trojan first seen in 2023.

    trojaninfostealerbankerchameleon
  • Chameleon payload 2 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.fiction.document
    1⤵
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4301
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.fiction.document/app_DynamicOptDex/hy.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.fiction.document/app_DynamicOptDex/oat/x86/hy.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4333

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.fiction.document/app_DynamicOptDex/hy.json
    Filesize

    818KB

    MD5

    5e2634cd3de1cc72f3e65b5c07048111

    SHA1

    f843a48f250bd6c589ff8e317f5acfe6df7e63fd

    SHA256

    346186c7e3104c2dbd4f7e7385b4c4e4d8172ff72b67d21940bec34108929315

    SHA512

    39fe313daf83f3892bd43170f2b05f36f09239e430217fc3826dc26b07480fc7a3e17270e88807025148e01247ed80d76bfd4e85c270efd2b9e4fa24fd8a3cae

    Download Submit

  • /data/data/com.fiction.document/app_DynamicOptDex/hy.json
    Filesize

    818KB

    MD5

    a3e750fba7d446fd6eb60a1096354dca

    SHA1

    dc1b8c2f5b0dd728608cc2507a1e3ea43c0bb5f9

    SHA256

    ad2d27947f1e0aeffe54b9a9ba4bac28eb149959e5bfb15868b68e8c96457e56

    SHA512

    2ffab2254021ac2064bf557cd1690f6774ae25d18f082c449dee78b0a818fe1d721e1fcd67a69c4172e531ccfd79d8251af78e6be54042378bfb686ac00c86a6

    Download Submit

  • /data/data/com.fiction.document/databases/ffffffff-9c5a-4905-0000-00004ee177b2.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.fiction.document/databases/ffffffff-9c5a-4905-0000-00004ee177b2.db-journal
    Filesize

    512B

    MD5

    68c5ee49e5debb6fe6ac95a0c51d93a3

    SHA1

    3e77f3d48b315ac28bf501613ea1f5571890e02c

    SHA256

    0214427274be6778f70445c6c1ef8ee0f5fca24ef1c02f5cb87146f7737fd3c4

    SHA512

    6a7110af934683c47a256b3a6e9e71eb6c9e5a0718f2bb9c5992e83131e98496b00e800fc6b4faa782395b3f130a08e9356701a92f9841f60e0b2dd6b17c98cf

    Download Submit

  • /data/data/com.fiction.document/databases/ffffffff-9c5a-4905-0000-00004ee177b2.db-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.fiction.document/databases/ffffffff-9c5a-4905-0000-00004ee177b2.db-wal
    Filesize

    60KB

    MD5

    919c91f0f42298296f6eb9910fcc8661

    SHA1

    1e2ad17d9f42f270fb76a125bd2c4b0bc0749bc6

    SHA256

    56544e12ccd311314db53ae619c827b751035b2ea2b72c0d36d903175f70c8c9

    SHA512

    a53ee5eeab8c216eb5cb5730a828308df59e54a01e4d070163bc6b0c2643fc8790d5b5c08fbb2551af9a3907bd810e6a19452ba6ca97fa65c3b474857acd6822

    Download Submit

  • /data/user/0/com.fiction.document/app_DynamicOptDex/hy.json
    Filesize

    2.3MB

    MD5

    0eadb4e22072da2b842ae81c0a15eb6d

    SHA1

    c8ff973348bffff8625042a197eb5b7392448012

    SHA256

    452ada9f909b9bcf39cf369f43c31d06a56e6d835c43fed7a40b89041e38038a

    SHA512

    f154050d3dd17d6e7c840130286a75235e7ac91be1a1307974dd8b1d867209c8fa11646506a91878ec4ee34d4edd75708f0531adfc2eb544317b348a1e553f02

    Download Submit

  • /data/user/0/com.fiction.document/app_DynamicOptDex/hy.json
    Filesize

    2.3MB

    MD5

    def62b23f7011a96ccf7342a9bb4f227

    SHA1

    cb71a49479bb732bd84f9901765cb088d3eaf593

    SHA256

    8dcf26818e2007ef8e5b720b573db481d1aae8061f704a6878d1a17dfa9a5ce8

    SHA512

    5429e85ea0653ff7867331fdb5a4240426f7d617d0fc0a9d1c745fdc9613024c9e477130b1f24f3ecd465bc2ed983ebe1a8f773ead96eb343985acf62f3e0899

    Download Submit