chameleon | b8ea74902684dcced62a5ca2c1d6932659decfefcbdb2615bfe5899e05eb1451

Resubmissions

03/10/2024, 18:28

241003-w4p4gszepl 10

27/09/2024, 19:23

240927-x3snnavfmk 10

Analysis

max time kernel
3s
max time network
152s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
03/10/2024, 18:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xecvbzvspk.apk
Size

3.7MB
MD5

36906c0fbc3a4b2044b1efc75071c567
SHA1

78219736bf46b4fd3535b914f928e408b34c3911
SHA256

ddd40c0a5813b8e9bb72e004bc10799ec10068e909713c6542e88ef95100ab9c
SHA512

80fdb89d7a0aaeefc9ee4d615dd4263f7d830902296850ff5b12fb87e53d486a317634734023349da018e1b6f4b35bb35cc6306eeca333b5fe3d9dc01add6fa6
SSDEEP

98304:kWy+uJvQHIhObEuo07R31xJ/nNw0rCg+EVINNM:k+bHIh0EQT1lCgn6NM

Score

10^/10

chameleon banker evasion infostealer trojan

Malware Config

Signatures

Chameleon
Chameleon is an Android banking trojan first seen in 2023.
trojan infostealer banker chameleon

Chameleon payload 1 IoCs

resource	yara_rule
behavioral2/memory/4280-0.dex	family_chameleon

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.wrap.jump/app_foot/eLP.json	4280	com.wrap.jump

com.wrap.jump
1⤵
- Loads dropped Dex/Jar
PID:4280

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wrap.jump/app_foot/eLP.json

Filesize
844KB

MD5
cdca6a54724a67bf35dee53cf7085579

SHA1
ff0c7e3e7cb4c3731f7cd37785ae6920c2f350ed

SHA256
bbeb21cae9eb89ce5b811881a5204e3a05723b9057941d9c58f65e2124634552

SHA512
3a0957db5ef2c06cccfe3cce12fd76214f281ccffced67cffed4feb0c482e6bee334c90bdd3e3a0301d51ba96e0837a531271a0d86898faaf96aca46a93ea389

Download Submit
/data/data/com.wrap.jump/app_foot/eLP.json

Filesize
844KB

MD5
9dab55184a4dac5422aa6bed9e83f725

SHA1
5c3bb90b486d7d133a92f7edf15cbabff2d4c50c

SHA256
e3aeb5f0c788796857884150b7bb90c95aaa209ec3fed54f8bab165042425546

SHA512
ae8eae0aae9f5afce8b277905d1fff30d93c869d3f3622f64793bafd5d47345999d1927c93ef24596ed1c04e97d1a70b504e5cdd782a1c90e34a1aaea565f338

Download Submit
/data/user/0/com.wrap.jump/app_foot/eLP.json

Filesize
2.0MB

MD5
bd20dff28313694c259fe9734e6ae135

SHA1
3aea72e0fd040afd0acbf8655b8fc36854fbbd96

SHA256
f0600000aa0f7324e85c542e096b7a8edc037ed16532154a8d9d007cfff4be11

SHA512
34905dd1fdd45fb8f8042283d5a031e7a5383f09b9179b3a8ed2fd59d9b814635f110c4e8369a8f26b0d2bcee8e9975a74cde0b87963ccbf8e6866facc4a61aa

Download Submit