Overview

overview

10

Static

static

7

4dea018509...a3.apk

android-9-x86

10

4dea018509...a3.apk

android-10-x64

10

4dea018509...a3.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    4178552s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231023-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231023-enlocale:en-usos:android-11-x64system
  • submitted
    22/11/2023, 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4dea0185093fca4b3cb1e6ba02c298643a70c93ddaad8c611bedc1b043716ea3.apk

  • Size

    3.2MB

  • MD5

    a049dbceccfa86726e2f4342cde65469

  • SHA1

    fa52ce57b566a53558fe0a80491e3144b0d82d26

  • SHA256

    4dea0185093fca4b3cb1e6ba02c298643a70c93ddaad8c611bedc1b043716ea3

  • SHA512

    cc9a3b03d1fcceb44205bba3dbde08f305bb57aee71c446d603faa34ca57a2731f0db389c467a5f62cd8a962a4163ad5c4bb3016c716088bba0be0e849d28c0f

  • SSDEEP

    98304:esYEcRLqWPvec6sGH4qNXZDjENQr6Qi3T9/HhX9xNa+6ZyPdlsWxTXxo2:esLwBec6sGYoJqF3B/9Pzxo2

Score
10/10
chameleonbankerinfostealerransomwaretrojan

Malware Config

Signatures

  • Chameleon

    Chameleon is an Android banking trojan first seen in 2023.

    trojaninfostealerbankerchameleon
  • Chameleon payload 1 IoCs
  • Checks Android system properties for emulator presence. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.flash.candy
    1⤵
    • Checks Android system properties for emulator presence.
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4410

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.flash.candy/app_DynamicOptDex/yuP.json
    Filesize

    649KB

    MD5

    51946985cd53d99b7f0bd7d8531f3a20

    SHA1

    bc14f73cbb3408489cad4aecd5a7b65a1c44921a

    SHA256

    d05117a21f934c3fe520ceba5212b34c70651ec77603a56c5449bf95ca92dc16

    SHA512

    1e7e6f39b12b18a49d7319d8217c3445e12d6f1b4aa22677020759a4cf81800c7e339e9cd0503cec48ac7ae3383a8eefd804d390f207b7c1aea04a0ec7c34f88

    Download Submit

  • /data/user/0/com.flash.candy/app_DynamicOptDex/yuP.json
    Filesize

    649KB

    MD5

    586e4746404093f43f33a8d69f44fdc7

    SHA1

    4d7d8866625295d09a4decc9f2b9f677dacf5b5f

    SHA256

    caf7ebf804cc01a18f0b5f4d8b75092f096d9d87db07c9e5f8baac610acaa91c

    SHA512

    62d4dda261382f22da9a20a1a961d8b3e823120031c0711791fe9e91005c7488d6a38e73748781b7c6f469e5dcf6f8e21aad940838dde1dd4dc5a8fa985d2ac7

    Download Submit

  • /data/user/0/com.flash.candy/app_DynamicOptDex/yuP.json
    Filesize

    1.7MB

    MD5

    429c9740b293637ac8496c2c9d9ebd13

    SHA1

    bc736894143413c2e9d0f953109fc9593f35a441

    SHA256

    a7b4ceda47d990c3aacd52db91f94fbd49797e9b1b97fa556a96a4beff033f26

    SHA512

    669939a344b23713dc22ac58243dabb7c894826e9afbf022c778dc79a7684826636ddf6e3518a34d8e2127aaefe6e91386cb4f2e3080f10127f45462384c6844

    Download Submit