Overview

overview

10

Static

static

7

f6b896016c...60.apk

android-9-x86

10

f6b896016c...60.apk

android-10-x64

10

f6b896016c...60.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    4265378s
  • max time network
    146s
  • platform
    android_x86
  • resource
    android-x86-arm-20231023-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
  • submitted
    23/11/2023, 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f6b896016c8dc74c67065d1f2246a32f175bbedf416fd132afc747b4709d8e60.apk

  • Size

    3.3MB

  • MD5

    4d758b001b028fff8a61ab5d6504532f

  • SHA1

    e8b4e3c60118b49a73135b3bd86ffe5a845e5fee

  • SHA256

    f6b896016c8dc74c67065d1f2246a32f175bbedf416fd132afc747b4709d8e60

  • SHA512

    afc784540c1608be34ad9b8f71d1779383d3a5a6413db476167cf960b2cd25c99e1c9e94dd8e609b5235834319e9fc5e7162f15283ecc12831a3ca482bdebb0c

  • SSDEEP

    98304:imWOQG/yIGGHImNHhZ/jE3Q/sH5XZXNOKcbglD52s7/Uxc00HHTJ4z:SxIGGoETWZl/yGJ4z

Score
10/10
chameleonbankerinfostealerransomwaretrojan

Malware Config

Signatures

  • Chameleon

    Chameleon is an Android banking trojan first seen in 2023.

    trojaninfostealerbankerchameleon
  • Chameleon payload 1 IoCs
  • Checks Android system properties for emulator presence. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.clay.before
    1⤵
    • Checks Android system properties for emulator presence.
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4332
    • sh
      2⤵
        PID:4365
        • /system/bin/sh /system/bin/pm list package -3
          3⤵
            PID:4387
            • cmd package list package -3
              4⤵
                PID:4404
          • sh
            2⤵
              PID:4426
              • cat /proc/self/cgroup
                3⤵
                  PID:4443

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • /data/data/com.clay.before/app_DynamicOptDex/qw.json
              Filesize

              651KB

              MD5

              6d45d848ab79fa82589380cf426f8e85

              SHA1

              0f14d3e4c82295e5aa7114764d8b232a58fc83b0

              SHA256

              0d9e86678219942a0dfb6009fc8576e9a5187b48ecaf530392a2e7c2533b9e65

              SHA512

              233fd8f55deac09a2c778010eb11d9855f5ffa504ffbfdddf349ce6f36522255bcff50eef5946b428384417a3dfd3d86d2309366d4884440f916541f6b3f463b

              Download Submit

            • /data/data/com.clay.before/app_DynamicOptDex/qw.json
              Filesize

              651KB

              MD5

              ddbed767ce9844ff81d94b00a7ce5546

              SHA1

              f6bbaed7ec72267e9dcec2a8c3ae8b2449b7de27

              SHA256

              a3f1236de8b7621cefb9cb813d378cbb046ab2a27585730bf4dd71ee16ba1e6d

              SHA512

              2fda88d658b6cd7354a41cf6bcb2a2b10b1cb5f776a2ea2c3f5e8f7d70224ffee10bc01993b82583b62cc59340c6e48c28bb8e33444f07221939713924fbbf11

              Download Submit

            • /data/user/0/com.clay.before/app_DynamicOptDex/qw.json
              Filesize

              1.7MB

              MD5

              bad310fbd59595407132c05df6f4a277

              SHA1

              8ff53a8b3e2d1016082ee1fff78df9a92d36b936

              SHA256

              9a1ae1a9bdefb02b1f512a6382ac3bac0a50b3de9d158c2143e4ae5afa8a16a7

              SHA512

              875eb2fe43d1f3a52bc1cf27d0003db7c0c26ba993cfb3833e8430813245bae8d8235de841a67d14e7cb08e9554755524d82421ed4315d66fb3f2a1bfb3899ec

              Download Submit