chameleon | 9506de40344618d471730d70077d7f12e18b174fa52d7f6a32c040be6c9f800c

Analysis

max time kernel
3055275s
max time network
154s
platform
android_x64
resource
android-x64-arm64-20231023-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231023-enlocale:en-usos:android-11-x64system
submitted
09/11/2023, 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9506de40344618d471730d70077d7f12e18b174fa52d7f6a32c040be6c9f800c.apk
Size

3.5MB
MD5

f611da9e2d55f8b99049a0668852d107
SHA1

433138f65255081d1bb07a7eb4580f0392019a97
SHA256

9506de40344618d471730d70077d7f12e18b174fa52d7f6a32c040be6c9f800c
SHA512

fb457cda4516ae3538b3fdb16f26528b1dd21c69c8fe7025fdc7a0c136d1d3a66f8bbcd52bf232504fa62bad9e2a06539ff0ca2af2935890bd0f098baf24195b
SSDEEP

49152:xQgy7OOnkWRJzGQ/dgLMLTPJ8PenfNOptT/ez8WwVsV+TFIff0zObe:xQgyiwpRZ/SGiONOPo8W6EfSObe

Score

10^/10

chameleon banker evasion infostealer ransomware trojan

Malware Config

Signatures

Chameleon
Chameleon is an Android banking trojan first seen in 2023.
trojan infostealer banker chameleon

Chameleon payload 1 IoCs

resource	yara_rule
behavioral3/memory/4387-0.dex	family_chameleon

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.fiction.document/app_DynamicOptDex/hy.json	4387	com.fiction.document

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.fiction.document

Checks the presence of a debugger.
evasion

com.fiction.document
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4387

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.fiction.document/app_ACRA-unapproved/.stacktrace

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/user/0/com.fiction.document/app_DynamicOptDex/hy.json

Filesize
818KB

MD5
5e2634cd3de1cc72f3e65b5c07048111

SHA1
f843a48f250bd6c589ff8e317f5acfe6df7e63fd

SHA256
346186c7e3104c2dbd4f7e7385b4c4e4d8172ff72b67d21940bec34108929315

SHA512
39fe313daf83f3892bd43170f2b05f36f09239e430217fc3826dc26b07480fc7a3e17270e88807025148e01247ed80d76bfd4e85c270efd2b9e4fa24fd8a3cae

Download Submit
/data/user/0/com.fiction.document/app_DynamicOptDex/hy.json

Filesize
818KB

MD5
a3e750fba7d446fd6eb60a1096354dca

SHA1
dc1b8c2f5b0dd728608cc2507a1e3ea43c0bb5f9

SHA256
ad2d27947f1e0aeffe54b9a9ba4bac28eb149959e5bfb15868b68e8c96457e56

SHA512
2ffab2254021ac2064bf557cd1690f6774ae25d18f082c449dee78b0a818fe1d721e1fcd67a69c4172e531ccfd79d8251af78e6be54042378bfb686ac00c86a6

Download Submit
/data/user/0/com.fiction.document/app_DynamicOptDex/hy.json

Filesize
2.3MB

MD5
def62b23f7011a96ccf7342a9bb4f227

SHA1
cb71a49479bb732bd84f9901765cb088d3eaf593

SHA256
8dcf26818e2007ef8e5b720b573db481d1aae8061f704a6878d1a17dfa9a5ce8

SHA512
5429e85ea0653ff7867331fdb5a4240426f7d617d0fc0a9d1c745fdc9613024c9e477130b1f24f3ecd465bc2ed983ebe1a8f773ead96eb343985acf62f3e0899

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads