chameleon | 0a6ffd4163cd96d7d262be5ae7fa5cfc3affbea822d122c0803379d78431e5f6

Analysis

max time kernel
3459357s
max time network
129s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
03/01/2024, 07:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a6ffd4163cd96d7d262be5ae7fa5cfc3affbea822d122c0803379d78431e5f6.apk
Size

4.0MB
MD5

e51a38f4f028ec5fb2d6c73d5e2c65bd
SHA1

a8a02aeff92389e57b6d6065e49350b405b62498
SHA256

0a6ffd4163cd96d7d262be5ae7fa5cfc3affbea822d122c0803379d78431e5f6
SHA512

49a16b180a9c78c677faee42a9ac7d854fa48303c7f19b99225b0f31ae58d7648366f61427d9b9c98394be430e6b95589b0edd51357c0f312b6d1af7aa517fc7
SSDEEP

98304:6VOoTN2iE/INh5QPKrURLD9i5WuUkILmMoCIxQ:6Vd2qPQPKrUtZi5Wu3DQ

Score

10^/10

chameleon banker evasion infostealer trojan

Malware Config

Signatures

Chameleon
Chameleon is an Android banking trojan first seen in 2023.
trojan infostealer banker chameleon

Chameleon payload 1 IoCs

resource	yara_rule
behavioral1/memory/4249-0.dex	family_chameleon

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.busy.lady/app_DynamicOptDex/kx.json	4249	com.busy.lady

Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.busy.lady

com.busy.lady
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4249

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.busy.lady/app_ACRA-unapproved/.stacktrace

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/data/com.busy.lady/app_DynamicOptDex/kx.json

Filesize
795KB

MD5
bdfed9a756fdf9527aa6b88b8d0926c9

SHA1
c454007acd19b9dac9fd2f3edbd1cdb8e6f9695f

SHA256
bfeba7e8958cb6a520935ddae917aaa8baf5edbdffbd98e86fdc6371c0ef83cc

SHA512
5559a05dd74b5629751192228ccd663603887d6ed1173a7641d5b6a5fb132a6b906a34a153309383a5440ab863392230a8829c665485cdc3a90c9a1aeecda20d

Download Submit
/data/data/com.busy.lady/app_DynamicOptDex/kx.json

Filesize
795KB

MD5
86bd7474873538229b90ae4d953a73ea

SHA1
3d62ac1d4e9ce3c646ae85360070589505c35395

SHA256
23a358560319370af894f169ee212a8b69e8d3097aee50d44722a4c194e6925a

SHA512
aee8cc30624ac5a11929842a097685f34a54d3e8a4364dcebf40b9a1bf7e025231689ff21774b57f9f722901a89d69f6f3972124bd2401fc984b7d10e19f6112

Download Submit
/data/user/0/com.busy.lady/app_DynamicOptDex/kx.json

Filesize
2.1MB

MD5
515f42a7b56868be873549c52fa96609

SHA1
24bbf068b20b2ba9894fbf4a33ad5ecb5e948499

SHA256
544dfc922e22a3de19f7bc5b9e5f5fdbe41abba783d9634568bc62104ac4f810

SHA512
2726d99760cb064765093b6ac986cd8a57c0cbc1adca8a5801ab8d0ab499712e10b8db61e99a5a5f7bbb5a5e27d703ad721e6b60230d4c00bba2757577f8e8fc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads