chameleon | f096f988e99ab23a702802d79123ff37707dd9f1f22a6bcbf65afd8125cc242e

Analysis

max time kernel
402113s
max time network
133s
platform
android_x64
resource
android-x64-20231023.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20231023.1-enlocale:en-usos:android-10-x64system
submitted
28/11/2023, 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f096f988e99ab23a702802d79123ff37707dd9f1f22a6bcbf65afd8125cc242e.apk
Size

3.7MB
MD5

f42bb96a7d237720fcdbc619b40e78e3
SHA1

d02299ca9d23553dc7b1516e01f1561372950f6b
SHA256

f096f988e99ab23a702802d79123ff37707dd9f1f22a6bcbf65afd8125cc242e
SHA512

7f97a13f7c2746949ca63b7b6f2cc7a221ca556e81f00f9d57322b9277b5efe70687b82507e1a9ed9dd569c0a470c01eedf415a7f4fda9960c052b797ba30978
SSDEEP

49152:P1KXYl8/MyNHWMYuibq5YxUPJ8ejekfNUFgLvk5TJeZXCwAsuURi0TX0T:9KXYl8UyN28SxMbNUFL5T5KiBT

Score

10^/10

chameleon banker evasion infostealer ransomware trojan

Malware Config

Signatures

Chameleon
Chameleon is an Android banking trojan first seen in 2023.
trojan infostealer banker chameleon

Chameleon payload 1 IoCs

resource	yara_rule
behavioral2/memory/4956-0.dex	family_chameleon

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.weapon.host/app_DynamicOptDex/LSU.json	4956	com.weapon.host

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.weapon.host

Checks the presence of a debugger.
evasion

com.weapon.host
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.weapon.host/app_ACRA-unapproved/.stacktrace

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/com.weapon.host/app_DynamicOptDex/LSU.json

Filesize
811KB

MD5
2510bba725fbcba9433bfe3302995194

SHA1
632f80cbcde9a09503166e0394f79e0b24ef145e

SHA256
b05232fd54d00915ff91c8c4eec8f454ba866845af098b90856b8c73fccf467a

SHA512
13dc6b89b8a35d96f8e5597b5e753f1542ee961ec386be6af602fd1ef62f7803c0a03e46da8258eb0347ca7c477b3b3034d1a665796a1cb07e919a93d7718be1

Download Submit
/data/data/com.weapon.host/app_DynamicOptDex/LSU.json

Filesize
811KB

MD5
53fd93c55540228f56a6e7623c399d17

SHA1
15d8b353f2a3e368845e175f77ddbca8ff7f5434

SHA256
0b01fbfed51eea13f5a1d4a0837681d35ecd3255ac439147e9c068e1bed2d448

SHA512
be46ce40a9c82a51ae317711b84acfe2384ca8ec8835882b8ccf14efaaded539db26d3ce505fe7b53dde47bfb205da1d169bc224b2ef5d77bcf1a47727a46d31

Download Submit
/data/user/0/com.weapon.host/app_DynamicOptDex/LSU.json

Filesize
2.2MB

MD5
8c93dbda73d165cb5a88ef2c33cafab5

SHA1
2f5abe3b94b2ecb83cd208f46ac3136989f794b8

SHA256
f5b5a32a926e45d9d1553aff1b5ecb41c870728c7928e6e8bb3bac5ab5208230

SHA512
0fb1367e56413edd5ba01ff286df91e5a459ea901d5e653c50e47a323afb1d92badff4997cf3202114f02290cb84183a18ace316faa2551acced0a2f4ed740ea

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads