chameleon | fd1b0532fec81fad059021788442edd7f6fcd413065346c8d717846fd2a741be

Analysis

max time kernel
7s
max time network
184s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
05/08/2024, 22:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd1b0532fec81fad059021788442edd7f6fcd413065346c8d717846fd2a741be.apk
Size

3.5MB
MD5

9a8d945c377893429358bc84ed08d14d
SHA1

a53c625185caeadaa13773911675693ec6101ecf
SHA256

fd1b0532fec81fad059021788442edd7f6fcd413065346c8d717846fd2a741be
SHA512

b2406d89ff9b566229424a8b5754457ffdb515b9ba4dfbcbd5b4650bfd5c7030c7144cb25a41325237bf59174c243fe43c148459a2b1ce3bcef0303efe39e489
SSDEEP

49152:jO+P5fN8LAePqiZh1FXxnzXcBWFNHAbTvkQn9jx/eBC7zupmENEwGgveCwk54FWR:bN88KbHMUAbTvkGjdew7Cpk2DwkqIR

Score

10^/10

chameleon banker evasion infostealer trojan

Malware Config

Signatures

Chameleon
Chameleon is an Android banking trojan first seen in 2023.
trojan infostealer banker chameleon

Chameleon payload 1 IoCs

resource	yara_rule
behavioral2/memory/5098-0.dex	family_chameleon

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/zHZxuCtDf44a1ce51ffa0.zHZxuCtDf9303bc0b8e85/app_entire/kTWpp.json	5098	zHZxuCtDf44a1ce51ffa0.zHZxuCtDf9303bc0b8e85

zHZxuCtDf44a1ce51ffa0.zHZxuCtDf9303bc0b8e85
1⤵
- Loads dropped Dex/Jar
PID:5098

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/zHZxuCtDf44a1ce51ffa0.zHZxuCtDf9303bc0b8e85/app_entire/kTWpp.json

Filesize
981KB

MD5
6fd7efa940622b6bc637205a77417cbc

SHA1
4dc3cbdc80ec9a13dc3506e613eb5040e871b675

SHA256
5682a35d86b6e37cb494805fb9f401e676fa2f0f83ddd1a3d2d366d50920f0cc

SHA512
55b8a22d21ce586648b8bb00b1c03db2d03ef59b877d20aa5ca3637a25c1f43287420bcaa477b3ee6d101ec5d91730838f9f6611d0fe26047ecd2bce033d2100

Download Submit
/data/data/zHZxuCtDf44a1ce51ffa0.zHZxuCtDf9303bc0b8e85/app_entire/kTWpp.json

Filesize
981KB

MD5
e5775a1b3623caa1a21d7fec7bc25492

SHA1
6da0ea6db7493997097e003f8ba7d7ef5ff4f7e4

SHA256
41961574c89b4d67bd39577630657b37d062cd9f0f3b9a13249df9d44732c8e4

SHA512
1ec15f7da9dce2fc093240b2886c0491a0f185838dea9dec66f2959b1d17e59b1b58a2f8ddd05795c2b5f084166be27b1294eecaf3539bae1607428c3adb5fc1

Download Submit
/data/user/0/zHZxuCtDf44a1ce51ffa0.zHZxuCtDf9303bc0b8e85/app_entire/kTWpp.json

Filesize
2.8MB

MD5
1bdb32168b037a01e123670bf74c7aaa

SHA1
d61db8a61a5fdc3d1baf6c378cff54c28cab1bc7

SHA256
828f4b4dff7a97c1cdd2a12368fcded9b8a01674e93b07e302b481acf0437a47

SHA512
635c2a2173c32596d077938423cf866043183500948d163413cc7c97c0059a73fdf29a92bc50ce90497afca2145afb208a3c274bf08b1ab88f3d5978fd8722ae

Download Submit