Analysis

  • max time kernel
    6s
  • max time network
    83s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    29/11/2024, 07:37

General

  • Target

    e32218193a0649dcb9333187c2e9b1981b923e46be3c5d09bb4290e7c976db73.apk

  • Size

    3.1MB

  • MD5

    ac9bada8f5e415f7a42d3783d33fff78

  • SHA1

    f5602c1c58e80adbc31b0b6cf2aaf08400fa2573

  • SHA256

    e32218193a0649dcb9333187c2e9b1981b923e46be3c5d09bb4290e7c976db73

  • SHA512

    1f9763cea1e72b7876babb37612b7c9be6a47962d88a24c7094f518e82f6206ff7bf1799bfb835f6181fadb53adb4e9317c7e2b2b5d5b4b3350d240766889dc2

  • SSDEEP

    98304:BAZkFXAySCFNSXNEk/mWmEFqSgEWkM/W+DL8CWVQzNepQc7e:BFZuC3S3iee

Malware Config

Signatures

  • Chameleon

    Chameleon is an Android banking trojan first seen in 2023.

  • Chameleon family
  • Chameleon payload 1 IoCs
  • Checks Android system properties for emulator presence. 1 TTPs 1 IoCs
  • Loads dropped Dex/Jar 1 TTPs 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.over.initial
    1⤵
    • Checks Android system properties for emulator presence.
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4343
    • sh
      2⤵
      PID:4373
      • /system/bin/sh /system/bin/pm list package -3
        3⤵
        PID:4391
        • cmd package list package -3
          4⤵
          PID:4408
    • sh
      2⤵
      PID:4429
      • cat /proc/self/cgroup
        3⤵
        PID:4446

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.over.initial/app_DynamicOptDex/gjlPlJ.json

    Filesize
    637KB

    MD5
    5c616c73cc3f9edbc067694fb261bd67

    SHA1
    cb1fe688ec11d5fd0ecdddacf8ef1ceeace2770c

    SHA256
    f7baa56acd5a75c4520ab481192de56c5e94d609901d893d041399996ee0b0ba

    SHA512
    37fd85ee100208d1c5dc11d1001da50db612a04f23c1b91a4bc631115d31f410e46f44646728ee604a83b839bb4a0d424380061faf5046e74c98413395b09156

  • /data/data/com.over.initial/app_DynamicOptDex/gjlPlJ.json

    Filesize
    637KB

    MD5
    2fa2787076c2f40a561a6c5e7d8a12c1

    SHA1
    5608e2fc8a55604db5602ca30a47516617d946e4

    SHA256
    ed4b330c03319f9f977772cfd18b98229789055466534a3758d5b1136a9c9780

    SHA512
    25db4664c28d1d4ab95b3f2a723e454ecc00d314663a37c4cc733bbe2830016cc26959c5665076e4d6da1058ddba16a0ae4eb21df44bc1dea1ca53ef37ffee49

  • /data/user/0/com.over.initial/app_DynamicOptDex/gjlPlJ.json

    Filesize
    1.7MB

    MD5
    7243d74db304a83e2c2532346d58d0ab

    SHA1
    c3c77c9a10a1ffde324bf0f23cf9a55fb79e0ae8

    SHA256
    356f9bec49d590a3fbc4c6c513fe30e4c243495b5efbf871e11fc810ee62fe1a

    SHA512
    39d5148ea76d9d41c15cd8620677605039ae45c66f34432bdea371b7cbf7247be72f6c0e266dacb90e1dcc281d15449309f1c6973e27331425451ab2d3953901