Analysis
max time kernel: 10s
max time network: 131s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 07/11/2024, 22:07
Static task: static1
Behavioral task: behavioral1
  Sample: 2c2a6717a0a5239c7d2dfe5854ba0b3622610cc1a99dd718363d10efaa6ada35.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: 2c2a6717a0a5239c7d2dfe5854ba0b3622610cc1a99dd718363d10efaa6ada35.apk
  Resource: android-x64-20240910-en
Behavioral task: behavioral3
  Sample: 2c2a6717a0a5239c7d2dfe5854ba0b3622610cc1a99dd718363d10efaa6ada35.apk
  Resource: android-x64-arm64-20240910-en
General
Target: 2c2a6717a0a5239c7d2dfe5854ba0b3622610cc1a99dd718363d10efaa6ada35.apk
Size: 3.6MB
MD5: b1d2bbc7ad3a97384bc054b782da711e
SHA1: fe9c448f9dcf320cd6a594ae14226e010082bf3c
SHA256: 2c2a6717a0a5239c7d2dfe5854ba0b3622610cc1a99dd718363d10efaa6ada35
SHA512: e0289a396c00b774b0460bc74a9c1d01f64ffffe7beb66619732f488adbfc997bb2eb999efc8ce74e33a1bf28cd3a929b921f332fd9927c349b22c2e7ffafeb9
SSDEEP: 98304:pwYQI3t8FxEqIjGHy2Nw8nJjEsQ7zHtXfIN8cZgNSiPpzItxhJaUrVKjA:pQW8FxELjGS0w6WNSfhJejA
Malware Config
Signatures
Chameleon
  Chameleon is an Android banking trojan first seen in 2023.
Chameleon family
Chameleon payload (1 IoC)
  resource: behavioral1/memory/4345-0.dex   yara_rule: family_chameleon
Checks Android system properties for emulator presence. (1 TTP, 1 IoC)
  description: Accessed system property key   ioc: ro.hardware   process: com.tray.nominee
Loads dropped Dex/Jar (1 TTP, 1 IoC)
  Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.tray.nominee/app_DynamicOptDex/ufBip.json   pid: 4345   process: com.tray.nominee
Uses Crypto APIs (Might try to encrypt user data) (1 TTP, 1 IoC)
  description: Framework API call   ioc: javax.crypto.Cipher.doFinal   process: com.tray.nominee
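The "Loads dropped Dex/Jar" signature above records the sample loading code from a file named ufBip.json inside its private app_DynamicOptDex directory, so the file name says nothing about what it contains. The following Python script is an added triage example, not part of this report or of the analyzed sample: it identifies DEX files by their header rather than their name and verifies the header's Adler-32 checksum and SHA-1 signature, the two integrity fields the Android runtime checks, so that an analyst dumping the app's data directory from a device or sandbox can pick out loadable payloads regardless of extension. The contents in SAMPLE_FILES are constructed stand-ins (a header-only DEX produced by build_minimal_dex), not bytes from this sample; only the ufBip.json path is taken from the report, the other two paths are illustrative.

```python
"""Find DEX payloads hidden under misleading file names (added triage example)."""
import hashlib
import struct
import zlib

DEX_MAGIC_PREFIX = b"dex\n"   # full magic is b"dex\n" + 3-digit version + NUL
DEX_HEADER_SIZE = 0x70         # fixed header size for every DEX version


def build_minimal_dex(version: bytes = b"035") -> bytes:
    """Build a header-only DEX with a valid checksum and signature.

    Constructed test input for this example; it contains no classes and is
    not derived from the sample in the report.
    """
    # Everything after the 20-byte signature: file_size, header_size,
    # endian_tag, then 17 uint32 size/offset fields (all zero here).
    tail = struct.pack("<III", DEX_HEADER_SIZE, DEX_HEADER_SIZE, 0x12345678)
    tail += b"\x00" * (17 * 4)
    signature = hashlib.sha1(tail).digest()                  # covers bytes 32..end
    checksum = zlib.adler32(signature + tail) & 0xFFFFFFFF   # covers bytes 12..end
    return (DEX_MAGIC_PREFIX + version + b"\x00"
            + struct.pack("<I", checksum) + signature + tail)


def inspect_dex(data: bytes) -> dict:
    """Parse a DEX header and verify its integrity fields.

    Returns {"is_dex": False} for non-DEX input; otherwise the parsed version,
    declared file size, and whether checksum and signature match the content.
    """
    if (len(data) < DEX_HEADER_SIZE
            or data[:4] != DEX_MAGIC_PREFIX
            or data[7:8] != b"\x00"):
        return {"is_dex": False}
    version = data[4:7].decode("ascii", "replace")
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 32)
    return {
        "is_dex": True,
        "version": version,
        "file_size": file_size,
        "header_size": header_size,
        "little_endian": endian_tag == 0x12345678,
        # Adler-32 is computed over everything after the checksum field itself.
        "checksum_ok": (zlib.adler32(data[12:]) & 0xFFFFFFFF) == checksum,
        # The SHA-1 signature covers everything after the signature field.
        "signature_ok": hashlib.sha1(data[32:]).digest() == signature,
        "size_matches": file_size == len(data),
    }


def find_disguised_dex(files: dict) -> list:
    """Return paths whose content is DEX but whose name does not say so."""
    hits = []
    for path, data in files.items():
        if inspect_dex(data)["is_dex"] and not path.lower().endswith((".dex", ".odex")):
            hits.append(path)
    return sorted(hits)


# Constructed stand-in for a dump of the app's private data directory.
# The ufBip.json path is the one the report flags; its bytes here are the
# synthetic header-only DEX built above, not the real payload.
SAMPLE_FILES = {
    "/data/user/0/com.tray.nominee/app_DynamicOptDex/ufBip.json": build_minimal_dex(),
    "/data/user/0/com.tray.nominee/app_DynamicOptDex/classes.dex": build_minimal_dex(b"039"),
    "/data/user/0/com.tray.nominee/shared_prefs/settings.json": b'{"ok": true}',
}

if __name__ == "__main__":
    for path in find_disguised_dex(SAMPLE_FILES):
        info = inspect_dex(SAMPLE_FILES[path])
        print(f"{path}: DEX v{info['version']}, checksum_ok={info['checksum_ok']}, "
              f"signature_ok={info['signature_ok']}")
```

On a real dump, replace SAMPLE_FILES with a walk over the extracted directory; a file that matches the magic but fails the checksum is worth a second look too, since packers sometimes rewrite the header after loading the file into memory, which is also why the report's payload IoC is a memory dump (behavioral1/memory/4345-0.dex) rather than the on-disk file.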
Processes
com.tray.nominee (PID 4345)
  Checks Android system properties for emulator presence.
  Loads dropped Dex/Jar
  Uses Crypto APIs (Might try to encrypt user data)
  sh (PID 4380)
    /system/bin/sh /system/bin/pm list package -3 (PID 4398)   [-3 lists third-party packages only]
      cmd package list package -3 (PID 4415)
  sh (PID 4436)
    cat /proc/self/cgroup (PID 4455)   [reads the process's own cgroup membership]
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 911KB
MD5: 6cd2715362c1b92a02055eab0ee474c8
SHA1: 9d744e8bd1a8c3a4c7b9bc99e9f151565257338b
SHA256: 65376bff9cb3107ac6f6f8b1a729a040143b3c9acad41367c80505582de60b99
SHA512: 9dea97b8b26cf8b54b126861c7d079e9e4ec9db0a2c4d728eb244a7d94fc32c77799c7166e8a1dc80b95ddf3093e316b82169ee040e40c94753763419496647b

Filesize: 911KB
MD5: 57b88f9814c39a76fa2e180889a1ec75
SHA1: 3f07effa328f7e484b57973d43d5a269f9e9eaa9
SHA256: baba0975731712ba96f92787ea7179eacac1ee9f3f2f8739b6cb558b4a4a7524
SHA512: 2c180742ce4a7c7081927d3e451da85407fd9616d7721105cd68711ad7d6f9758965ebfbcd968ba378ee57150b86dc04023ebbc222cddfb1592d2524ef34729c

Filesize: 2.4MB
MD5: 2a8ffa0ab573642d8dac26cbf0930ad7
SHA1: 8c5725393e6c801578b1ddaa40b2d436e0838cce
SHA256: 0b6e5890feecd14736b2f0036164bb1d4ea8e5133e4f8d0554110b1ecd4fdb8c
SHA512: aaf44c0e53474afe371e0d7bde1902bbe2056fa394bbaedacab5260f5c579f9410043be62e0a8358aee5e7ddf3202791dfc278e577326d1fdc089afd21a0b98f