chameleon | f096f988e99ab23a702802d79123ff37707dd9f1f22a6bcbf65afd8125cc242e

Analysis

max time kernel
402119s
max time network
131s
platform
android_x86
resource
android-x86-arm-20231023-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
submitted
28/11/2023, 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f096f988e99ab23a702802d79123ff37707dd9f1f22a6bcbf65afd8125cc242e.apk
Size

3.7MB
MD5

f42bb96a7d237720fcdbc619b40e78e3
SHA1

d02299ca9d23553dc7b1516e01f1561372950f6b
SHA256

f096f988e99ab23a702802d79123ff37707dd9f1f22a6bcbf65afd8125cc242e
SHA512

7f97a13f7c2746949ca63b7b6f2cc7a221ca556e81f00f9d57322b9277b5efe70687b82507e1a9ed9dd569c0a470c01eedf415a7f4fda9960c052b797ba30978
SSDEEP

49152:P1KXYl8/MyNHWMYuibq5YxUPJ8ejekfNUFgLvk5TJeZXCwAsuURi0TX0T:9KXYl8UyN28SxMbNUFL5T5KiBT

Score

10^/10

chameleon banker evasion infostealer ransomware trojan

Malware Config

Signatures

Chameleon
Chameleon is an Android banking trojan first seen in 2023.
trojan infostealer banker chameleon

Chameleon payload 1 IoCs

resource	yara_rule
behavioral1/memory/4284-0.dex	family_chameleon

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.weapon.host/app_DynamicOptDex/LSU.json	4284	com.weapon.host

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.weapon.host

Checks the presence of a debugger.
evasion

com.weapon.host
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.weapon.host/app_ACRA-unapproved/.stacktrace

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/com.weapon.host/app_DynamicOptDex/LSU.json

Filesize
811KB

MD5
2510bba725fbcba9433bfe3302995194

SHA1
632f80cbcde9a09503166e0394f79e0b24ef145e

SHA256
b05232fd54d00915ff91c8c4eec8f454ba866845af098b90856b8c73fccf467a

SHA512
13dc6b89b8a35d96f8e5597b5e753f1542ee961ec386be6af602fd1ef62f7803c0a03e46da8258eb0347ca7c477b3b3034d1a665796a1cb07e919a93d7718be1

Download Submit
/data/data/com.weapon.host/app_DynamicOptDex/LSU.json

Filesize
811KB

MD5
53fd93c55540228f56a6e7623c399d17

SHA1
15d8b353f2a3e368845e175f77ddbca8ff7f5434

SHA256
0b01fbfed51eea13f5a1d4a0837681d35ecd3255ac439147e9c068e1bed2d448

SHA512
be46ce40a9c82a51ae317711b84acfe2384ca8ec8835882b8ccf14efaaded539db26d3ce505fe7b53dde47bfb205da1d169bc224b2ef5d77bcf1a47727a46d31

Download Submit
/data/user/0/com.weapon.host/app_DynamicOptDex/LSU.json

Filesize
2.2MB

MD5
eb17004568b6bd30a175c1b836e2efd5

SHA1
1c5de75cc6c95fe5df66189869a9938a81191393

SHA256
870ebe644e829bdd9e53d87bf4a4fdbaa54d1361ca20916904435064ebba19ac

SHA512
2dd73a09b0b4c6e2a092a876958d550299374d0b35791cbe89f2ec6f42da1caf28adea7bc450c9b4eed1c36b5d3cb7e412833306060ce231519837e4dd10468d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads