Overview

overview

10

Static

static

7

f6b896016c...60.apk

android-9-x86

10

f6b896016c...60.apk

android-10-x64

10

f6b896016c...60.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

lynx_core.js

windows7-x64

1

lynx_core.js

windows10-2004-x64

1

nd

ubuntu-18.04-amd64

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    4265418s
  • max time network
    149s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231023-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231023-enlocale:en-usos:android-11-x64system
  • submitted
    23/11/2023, 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f6b896016c8dc74c67065d1f2246a32f175bbedf416fd132afc747b4709d8e60.apk

  • Size

    3.3MB

  • MD5

    4d758b001b028fff8a61ab5d6504532f

  • SHA1

    e8b4e3c60118b49a73135b3bd86ffe5a845e5fee

  • SHA256

    f6b896016c8dc74c67065d1f2246a32f175bbedf416fd132afc747b4709d8e60

  • SHA512

    afc784540c1608be34ad9b8f71d1779383d3a5a6413db476167cf960b2cd25c99e1c9e94dd8e609b5235834319e9fc5e7162f15283ecc12831a3ca482bdebb0c

  • SSDEEP

    98304:imWOQG/yIGGHImNHhZ/jE3Q/sH5XZXNOKcbglD52s7/Uxc00HHTJ4z:SxIGGoETWZl/yGJ4z

Score
10/10
chameleonbankerinfostealerransomwaretrojan

Malware Config

Signatures

  • Chameleon

    Chameleon is an Android banking trojan first seen in 2023.

    trojaninfostealerbankerchameleon
  • Chameleon payload 1 IoCs
  • Checks Android system properties for emulator presence. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.clay.before
    1⤵
    • Checks Android system properties for emulator presence.
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.clay.before/app_DynamicOptDex/qw.json
    Filesize

    651KB

    MD5

    6d45d848ab79fa82589380cf426f8e85

    SHA1

    0f14d3e4c82295e5aa7114764d8b232a58fc83b0

    SHA256

    0d9e86678219942a0dfb6009fc8576e9a5187b48ecaf530392a2e7c2533b9e65

    SHA512

    233fd8f55deac09a2c778010eb11d9855f5ffa504ffbfdddf349ce6f36522255bcff50eef5946b428384417a3dfd3d86d2309366d4884440f916541f6b3f463b

    Download Submit

  • /data/user/0/com.clay.before/app_DynamicOptDex/qw.json
    Filesize

    651KB

    MD5

    ddbed767ce9844ff81d94b00a7ce5546

    SHA1

    f6bbaed7ec72267e9dcec2a8c3ae8b2449b7de27

    SHA256

    a3f1236de8b7621cefb9cb813d378cbb046ab2a27585730bf4dd71ee16ba1e6d

    SHA512

    2fda88d658b6cd7354a41cf6bcb2a2b10b1cb5f776a2ea2c3f5e8f7d70224ffee10bc01993b82583b62cc59340c6e48c28bb8e33444f07221939713924fbbf11

    Download Submit

  • /data/user/0/com.clay.before/app_DynamicOptDex/qw.json
    Filesize

    1.7MB

    MD5

    98b417f2d0b21f1d00938c81481c6ef0

    SHA1

    492015a43ab987ebfa5a9e0bb633aabaf2989711

    SHA256

    3f0d2c11184c09e132b76934f8974d74b56e71e54f8224986ea33e80942398fd

    SHA512

    94ee749c8181beafdf5a618261b3d3d2c6d103d9e12e0d669dbf0b398809cdf2eec8ae5b006bf1cfb471c277b2cca5fda1d5d091d142879aa62d33f26d7c21e1

    Download Submit