Overview

overview

10

Static

static

7

4dea018509...a3.apk

android-9-x86

10

4dea018509...a3.apk

android-10-x64

10

4dea018509...a3.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    4178550s
  • max time network
    138s
  • platform
    android_x86
  • resource
    android-x86-arm-20231023-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
  • submitted
    22/11/2023, 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4dea0185093fca4b3cb1e6ba02c298643a70c93ddaad8c611bedc1b043716ea3.apk

  • Size

    3.2MB

  • MD5

    a049dbceccfa86726e2f4342cde65469

  • SHA1

    fa52ce57b566a53558fe0a80491e3144b0d82d26

  • SHA256

    4dea0185093fca4b3cb1e6ba02c298643a70c93ddaad8c611bedc1b043716ea3

  • SHA512

    cc9a3b03d1fcceb44205bba3dbde08f305bb57aee71c446d603faa34ca57a2731f0db389c467a5f62cd8a962a4163ad5c4bb3016c716088bba0be0e849d28c0f

  • SSDEEP

    98304:esYEcRLqWPvec6sGH4qNXZDjENQr6Qi3T9/HhX9xNa+6ZyPdlsWxTXxo2:esLwBec6sGYoJqF3B/9Pzxo2

Score
10/10
chameleonbankerinfostealerransomwaretrojan

Malware Config

Signatures

  • Chameleon

    Chameleon is an Android banking trojan first seen in 2023.

    trojaninfostealerbankerchameleon
  • Chameleon payload 1 IoCs
  • Checks Android system properties for emulator presence. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.flash.candy
    1⤵
    • Checks Android system properties for emulator presence.
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4320
    • sh
      2⤵
        PID:4351
        • /system/bin/sh /system/bin/pm list package -3
          3⤵
            PID:4369
            • cmd package list package -3
              4⤵
                PID:4385
          • sh
            2⤵
              PID:4407
              • cat /proc/self/cgroup
                3⤵
                  PID:4424

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • /data/data/com.flash.candy/app_DynamicOptDex/yuP.json
              Filesize

              649KB

              MD5

              51946985cd53d99b7f0bd7d8531f3a20

              SHA1

              bc14f73cbb3408489cad4aecd5a7b65a1c44921a

              SHA256

              d05117a21f934c3fe520ceba5212b34c70651ec77603a56c5449bf95ca92dc16

              SHA512

              1e7e6f39b12b18a49d7319d8217c3445e12d6f1b4aa22677020759a4cf81800c7e339e9cd0503cec48ac7ae3383a8eefd804d390f207b7c1aea04a0ec7c34f88

              Download Submit

            • /data/data/com.flash.candy/app_DynamicOptDex/yuP.json
              Filesize

              649KB

              MD5

              586e4746404093f43f33a8d69f44fdc7

              SHA1

              4d7d8866625295d09a4decc9f2b9f677dacf5b5f

              SHA256

              caf7ebf804cc01a18f0b5f4d8b75092f096d9d87db07c9e5f8baac610acaa91c

              SHA512

              62d4dda261382f22da9a20a1a961d8b3e823120031c0711791fe9e91005c7488d6a38e73748781b7c6f469e5dcf6f8e21aad940838dde1dd4dc5a8fa985d2ac7

              Download Submit

            • /data/user/0/com.flash.candy/app_DynamicOptDex/yuP.json
              Filesize

              1.7MB

              MD5

              b87146ed9fa705b751f1150a59cac121

              SHA1

              ba079ba77758632f3484701eebd1a18d3a185f9d

              SHA256

              ee35d4a420c277badafbc111fec9b4a0a17cc5d26a54d6d1dbf672a13d585ff6

              SHA512

              2afc5ae4a4eb0aa25c1769e79788722a22d52e6aea0c79cfd073ab8924dc3b336c3754f763e9c564b20e187766e000f7edc90a04564b582fb387d686c8a5fc3e

              Download Submit