chameleon | 1b72da2cc6dfbd3360322fb265ea69b0716b679a13ef3d769b35a5dff628835d

Analysis

max time kernel
3055811s
max time network
164s
platform
android_x64
resource
android-x64-20231023.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20231023.1-enlocale:en-usos:android-10-x64system
submitted
09/11/2023, 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b72da2cc6dfbd3360322fb265ea69b0716b679a13ef3d769b35a5dff628835d.apk
Size

3.9MB
MD5

085e14bebb5cc8a11ea92c4ead4180f9
SHA1

d884ea202301c4816a60b50290ddb70d45739149
SHA256

1b72da2cc6dfbd3360322fb265ea69b0716b679a13ef3d769b35a5dff628835d
SHA512

c40a1aaf5170215056a5f4996bcb40e4a324672c03071af58acd5489a1a34a5f65b0b4400640d0571c2ef5f9e2894ee3f5ed430845bc99a763d231ee8bf6bd54
SSDEEP

98304:nyI2ZBRenSfQYwTe4N1/OPDZU4vcsVQF1ciM0HtkHq:RoeQQN95OLJks21qK

Score

10^/10

chameleon banker evasion infostealer ransomware trojan

Malware Config

Signatures

Chameleon
Chameleon is an Android banking trojan first seen in 2023.
trojan infostealer banker chameleon

Chameleon payload 1 IoCs

resource	yara_rule
behavioral2/memory/5001-0.dex	family_chameleon

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.roof.poverty/app_DynamicOptDex/bb.json	5001	com.roof.poverty

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.roof.poverty

Checks the presence of a debugger.
evasion

com.roof.poverty
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:5001

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.roof.poverty/app_ACRA-unapproved/.stacktrace

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/com.roof.poverty/app_DynamicOptDex/bb.json

Filesize
773KB

MD5
e69a862b32549837acedd03dfb7eeeff

SHA1
591a1e924c9f809184f1e7a1afdbbd3b3e620324

SHA256
b35da60b6db0427a4dd60685b927fecefc684fcc46b065a83298b588cb8543e5

SHA512
5f03d5cfa485890ebd94844a1e94084176848ecbbf7f3e81934f05327f8f72608a34992daff2de7e8191c8a37ab32b850848490e1fdf65daf4000ef1b5d5baa5

Download Submit
/data/data/com.roof.poverty/app_DynamicOptDex/bb.json

Filesize
773KB

MD5
54bddfd9c3a1d7121660bb1a52e3c963

SHA1
6131f4cf193ea15a1d74d2e3844e0cfbe20c0882

SHA256
c55225d582f45d10121cc68fe4642c4e8480aa94062bc05a12eb2899a61018de

SHA512
edc98efb0776239abaffe745b66cd8c88288a06d65f81e461c028e99970b17974fa56f321624bb443c79db4a89adb772b82ac38fcc9568ef0da4b2d6c2f85531

Download Submit
/data/user/0/com.roof.poverty/app_DynamicOptDex/bb.json

Filesize
2.0MB

MD5
8e67b4190ca20b20c83dea0966ffd42e

SHA1
6fa48806b4447ab3206756b52911d6004a82c602

SHA256
b0959856ebc2c93888d1c712f32342ad1c6ffd7dd97597507a2ce9bdfd578ade

SHA512
b94f318a697069864098f91f30af5b71057b0f383e5b49f25be3587334cb1f8309d05a471593887b728a9693ef3c4bbece7326ddff248e3f5f306f19e0451e1c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads