Overview

overview

10

Static

static

7

1b72da2cc6...5d.apk

android-9-x86

10

1b72da2cc6...5d.apk

android-10-x64

10

1b72da2cc6...5d.apk

android-11-x64

10

HM_JsBridge.js

windows7-x64

1

HM_JsBridge.js

windows10-2004-x64

1

consentform.html

windows7-x64

1

consentform.html

windows10-2004-x64

1

Analysis

  • max time kernel
    3055829s
  • max time network
    130s
  • platform
    android_x86
  • resource
    android-x86-arm-20231023-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
  • submitted
    09/11/2023, 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1b72da2cc6dfbd3360322fb265ea69b0716b679a13ef3d769b35a5dff628835d.apk

  • Size

    3.9MB

  • MD5

    085e14bebb5cc8a11ea92c4ead4180f9

  • SHA1

    d884ea202301c4816a60b50290ddb70d45739149

  • SHA256

    1b72da2cc6dfbd3360322fb265ea69b0716b679a13ef3d769b35a5dff628835d

  • SHA512

    c40a1aaf5170215056a5f4996bcb40e4a324672c03071af58acd5489a1a34a5f65b0b4400640d0571c2ef5f9e2894ee3f5ed430845bc99a763d231ee8bf6bd54

  • SSDEEP

    98304:nyI2ZBRenSfQYwTe4N1/OPDZU4vcsVQF1ciM0HtkHq:RoeQQN95OLJks21qK

Score
10/10
chameleonbankerinfostealerransomwaretrojan

Malware Config

Signatures

  • Chameleon

    Chameleon is an Android banking trojan first seen in 2023.

    trojaninfostealerbankerchameleon
  • Chameleon payload 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.roof.poverty
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4276
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.roof.poverty/app_DynamicOptDex/bb.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.roof.poverty/app_DynamicOptDex/oat/x86/bb.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.roof.poverty/app_DynamicOptDex/bb.json
    Filesize

    773KB

    MD5

    e69a862b32549837acedd03dfb7eeeff

    SHA1

    591a1e924c9f809184f1e7a1afdbbd3b3e620324

    SHA256

    b35da60b6db0427a4dd60685b927fecefc684fcc46b065a83298b588cb8543e5

    SHA512

    5f03d5cfa485890ebd94844a1e94084176848ecbbf7f3e81934f05327f8f72608a34992daff2de7e8191c8a37ab32b850848490e1fdf65daf4000ef1b5d5baa5

    Download Submit

  • /data/data/com.roof.poverty/app_DynamicOptDex/bb.json
    Filesize

    773KB

    MD5

    54bddfd9c3a1d7121660bb1a52e3c963

    SHA1

    6131f4cf193ea15a1d74d2e3844e0cfbe20c0882

    SHA256

    c55225d582f45d10121cc68fe4642c4e8480aa94062bc05a12eb2899a61018de

    SHA512

    edc98efb0776239abaffe745b66cd8c88288a06d65f81e461c028e99970b17974fa56f321624bb443c79db4a89adb772b82ac38fcc9568ef0da4b2d6c2f85531

    Download Submit

  • /data/data/com.roof.poverty/databases/ffffffff-9c5a-4905-0000-00004ee177b2.db
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.roof.poverty/databases/ffffffff-9c5a-4905-0000-00004ee177b2.db-journal
    Filesize

    512B

    MD5

    75ee211428d7ccb7e0046a665ddbe0ad

    SHA1

    099713cdd4cf0621dd54e322dc84f38557e246e0

    SHA256

    bdc1ea6f659952b7e4daf9408474b7a3ca322ab0415ea07f92687df96c6960e6

    SHA512

    216b4b90afc6073d03a4d4deb1a58bbf92be3bc0d9bc0f4dc93789365801aec40b446e482b0d928d2ca677581fc3623844f8983785cd35912913e535eeff8d89

    Download Submit

  • /data/data/com.roof.poverty/databases/ffffffff-9c5a-4905-0000-00004ee177b2.db-shm
    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

    Download Submit

  • /data/data/com.roof.poverty/databases/ffffffff-9c5a-4905-0000-00004ee177b2.db-wal
    Filesize

    72KB

    MD5

    3e43b77efb9364e2980c4668ffcf4401

    SHA1

    ed7a6093dbbd4fe83b5c30e55746bc009a0c33ab

    SHA256

    da1ec7eb6c08b0b8f9a5a3dea328b774f8a7a2216e3228b91a29324b6bc5e920

    SHA512

    7d53a4f0cd8f4f6a6372ce85a73c8f7b44e1a305137c1350730200c2d4ddff902fc1cf3756855545b6cd2df2a1a00a29726c76e5ed90ac54c831910825393562

    Download Submit

  • /data/user/0/com.roof.poverty/app_DynamicOptDex/bb.json
    Filesize

    2.0MB

    MD5

    7a51da6784a6390b8e9ef09e8d44eab4

    SHA1

    812fb174c7e4f44971a2f8eacc2105bfe6dddc88

    SHA256

    dfb792bec42c4e29dc2016ef1c635f87ddbe764c501b2551183ba71833714107

    SHA512

    50da27d751f2a90d6d677fd035f934aa051ae2eab0514c6fbe3c9b604c530f6e2b5b3e504f336c704fccd4869d076563953e884b6669f78410d2445aa9638cbb

    Download Submit

  • /data/user/0/com.roof.poverty/app_DynamicOptDex/bb.json
    Filesize

    2.0MB

    MD5

    8e67b4190ca20b20c83dea0966ffd42e

    SHA1

    6fa48806b4447ab3206756b52911d6004a82c602

    SHA256

    b0959856ebc2c93888d1c712f32342ad1c6ffd7dd97597507a2ce9bdfd578ade

    SHA512

    b94f318a697069864098f91f30af5b71057b0f383e5b49f25be3587334cb1f8309d05a471593887b728a9693ef3c4bbece7326ddff248e3f5f306f19e0451e1c

    Download Submit