Analysis
max time kernel: 4s
max time network: 158s
platform: android-9_x86
resource: android-x86-arm-20240910-en
resource tags: arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
submitted: 21/12/2024, 22:02
Static task: static1
Behavioral task: behavioral1
Sample: 8a07533d8b06050c8f00a33dceec100ca47183d10f938ac8e0d3bf61ba41b825.apk
Resource: android-x86-arm-20240910-en
Behavioral task: behavioral2
Sample: 8a07533d8b06050c8f00a33dceec100ca47183d10f938ac8e0d3bf61ba41b825.apk
Resource: android-x64-20240624-en
General
Target: 8a07533d8b06050c8f00a33dceec100ca47183d10f938ac8e0d3bf61ba41b825.apk
Size: 4.1MB
MD5: 160a9678fe5f938beefbeef3b664c98e
SHA1: b93d5718a5232562fbe1d147c2b866732bdc16a6
SHA256: 8a07533d8b06050c8f00a33dceec100ca47183d10f938ac8e0d3bf61ba41b825
SHA512: 9ead6dd1949afd5c383a9578cb2dc5549f63bc5a0b0b98e9d274dda345e60a2cb96005d8a99c0171439a7754a47bb5d9718f4248a764856a1f4766059aca8c7c
SSDEEP: 98304:Fu2zoPJIPtSfIbtlNvbxZPlm7VaJDa046:FuKNXvRwVODL5
Malware Config
Signatures
Chameleon
Chameleon is an Android banking trojan first seen in 2023.
Chameleon family
Chameleon payload (1 IoCs)
resource: behavioral1/memory/4299-0.dex
yara_rule: family_chameleon
Loads dropped Dex/Jar (1 TTPs, 1 IoCs)
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.copper.ordinary/app_DynamicOptDex/XErFFbn.json
pid: 4299
Process: com.copper.ordinary
Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
description: Framework API call
ioc: javax.crypto.Cipher.doFinal
Process: com.copper.ordinary
Processes
com.copper.ordinary (PID: 4299)
  - Loads dropped Dex/Jar
  - Uses Crypto APIs (Might try to encrypt user data)
  sh (PID: 4364)
    /system/bin/sh /system/bin/pm list package -3 (PID: 4381)
      cmd package list package -3 (PID: 4397)
  sh (PID: 4419)
    cat /proc/self/cgroup (PID: 4436)
Network
MITRE ATT&CK Mobile v15
Downloads