chameleon | 0a6ffd4163cd96d7d262be5ae7fa5cfc3affbea822d122c0803379d78431e5f6

Analysis

max time kernel
4292323s
max time network
159s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
12/01/2024, 22:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a6ffd4163cd96d7d262be5ae7fa5cfc3affbea822d122c0803379d78431e5f6.apk
Size

4.0MB
MD5

e51a38f4f028ec5fb2d6c73d5e2c65bd
SHA1

a8a02aeff92389e57b6d6065e49350b405b62498
SHA256

0a6ffd4163cd96d7d262be5ae7fa5cfc3affbea822d122c0803379d78431e5f6
SHA512

49a16b180a9c78c677faee42a9ac7d854fa48303c7f19b99225b0f31ae58d7648366f61427d9b9c98394be430e6b95589b0edd51357c0f312b6d1af7aa517fc7
SSDEEP

98304:6VOoTN2iE/INh5QPKrURLD9i5WuUkILmMoCIxQ:6Vd2qPQPKrUtZi5Wu3DQ

Score

10^/10

chameleon banker evasion infostealer trojan

Malware Config

Signatures

Chameleon
Chameleon is an Android banking trojan first seen in 2023.
trojan infostealer banker chameleon

Chameleon payload 1 IoCs

resource	yara_rule
behavioral3/memory/4680-0.dex	family_chameleon

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.busy.lady/app_DynamicOptDex/kx.json	4680	com.busy.lady

Checks the presence of a debugger
evasion

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.busy.lady

com.busy.lady
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.busy.lady/app_ACRA-unapproved/.stacktrace

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
/data/user/0/com.busy.lady/app_DynamicOptDex/kx.json

Filesize
795KB

MD5
bdfed9a756fdf9527aa6b88b8d0926c9

SHA1
c454007acd19b9dac9fd2f3edbd1cdb8e6f9695f

SHA256
bfeba7e8958cb6a520935ddae917aaa8baf5edbdffbd98e86fdc6371c0ef83cc

SHA512
5559a05dd74b5629751192228ccd663603887d6ed1173a7641d5b6a5fb132a6b906a34a153309383a5440ab863392230a8829c665485cdc3a90c9a1aeecda20d

Download Submit
/data/user/0/com.busy.lady/app_DynamicOptDex/kx.json

Filesize
795KB

MD5
86bd7474873538229b90ae4d953a73ea

SHA1
3d62ac1d4e9ce3c646ae85360070589505c35395

SHA256
23a358560319370af894f169ee212a8b69e8d3097aee50d44722a4c194e6925a

SHA512
aee8cc30624ac5a11929842a097685f34a54d3e8a4364dcebf40b9a1bf7e025231689ff21774b57f9f722901a89d69f6f3972124bd2401fc984b7d10e19f6112

Download Submit
/data/user/0/com.busy.lady/app_DynamicOptDex/kx.json

Filesize
2.1MB

MD5
d9679d403fd4720cd0b77d5f68e842ac

SHA1
90720b3c5a794abdf33b289fa0c6f3669d7a9e1c

SHA256
f792b6e7f0c7aae27bb6879429e1a61a697928047f6e7f9bd995bfaa81c3f73d

SHA512
36b32b3c7cae1d014abafc672c18dca4936c79fbebaab42f2668e395903a49bb6f63c010e6609263dbfeb939e8dbe91d9f1f65467c4291157fa6821f00341869

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads