easylogger | 798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae

Analysis

max time kernel
48s
max time network
150s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
21/04/2024, 01:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Size

5.8MB
MD5

1398c9c6999be6f56f2364ec680f8557
SHA1

396c173b4c084afc3a2c89044ffa42a3f0e4dad4
SHA256

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
SHA512

49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
SSDEEP

98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A

Score

10^/10

easylogger banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

EasyLogger
EasyLogger is an Android stalkerware.
trojan infostealer spyware easylogger
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	app.EasyLogger

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	app.EasyLogger

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	app.EasyLogger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.EasyLogger

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.EasyLogger

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

app.EasyLogger
1⤵
- Checks memory information
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4289

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
99dbb4a93517d926e4cf2b6482a06fd9

SHA1
0e97fbb196bf31df899ae242c4890fbda052e727

SHA256
460cca2d7079a1e2af3175f1e80094f92f994702adf73d735dd27dbbfa045750

SHA512
1cc73880bd98e63ea27232c9e34aa43e0c9092a5f9e584b52de9afd21f8197bca5edc04776f2059d5babd11a27b8f802d3ca840f11935a1d13b869232f069cff

Download Submit
/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
7dc3d1be67a878410bb2e6e45fcdcd04

SHA1
2a427be5c432f01d5c6585d25c760f202c5b163f

SHA256
1ff678f86908f744c8dcd6792e8967b28414cee530dcb7dfda9e867425bbc631

SHA512
0bca88f824054ae0883a1d893a43ec633d15a28b4a2366aae40288f55b2352ea736fd0c01d09e9d67832eacf6d0f1f8c573171f7bbec967f416c5fe530125d9e

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db

Filesize
76KB

MD5
247a9a1ab8a9d50b768aea16f443ee52

SHA1
1b8ef45ad7df4db30e70051835585e526f7fe488

SHA256
6c414fa302b351eb7df14144c5c36a7ddd181615cb540f012ff67005837c9796

SHA512
6285e17579d1253b10f20e00f40aa8432e58a0e7b0b080c7ed52eafabae8f339f250897164409d1bc6512359557545998042fe41fca2e7b4ead85ab26918663f

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-journal

Filesize
512B

MD5
4296dcc0c7501139e88e07015e9461f0

SHA1
d24141de3e12090e65bb47a7a44349524709edd6

SHA256
4dcc551417753acf62d5a8cccd2677ee036684cfe016a200045efaf6c0829bfe

SHA512
3f5a0c87a88989acc13a5f5db3c242f456d07a176a5d82054fd9d6733a8cdbee0885b31f39795989deb72421a948e6f59bbaf2267cf1e7cdb4200838cb6fe07d

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-wal

Filesize
140KB

MD5
8966a4ffdf281dae09701b9432fa2c44

SHA1
281c29c5cff24621c5021cf5eb45e7137bc9ed58

SHA256
a327ea6fa180db1b8513fa2159a76d9660a2b9ac91747db31a78d8b5e454d155

SHA512
848e0086d1bbb6ad53ab3416418530acbbb6fc0e7f308ac828af7329142b9eea2f5dcf569e5b2d01b4e191c2cada14fffdb97f86c784be08704d7657400836d2

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
7473f2bf242d9c6252f3fd9ccaa7918d

SHA1
42e25e99a47506e72514d409a4a70c1729a45bf0

SHA256
013c24c245a0865a978fcb80d4f291aee94cd0f1c3dce9e3354d9fa9baa71898

SHA512
bd8a65897ebaad24075ede811c4426d85ccf4951c75127dcc7029b78fe772982f71d10890adf5fc453e8af34f821e4d85e0e638002f7958fadb359b050a0555f

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
2449d307fb947c88e38287ceaed73071

SHA1
71fbb463db004cf6de704dafd1e5807bdfe82857

SHA256
c8483ce4da6bde87d313dfa346b80cf3913a00a2a0471bb50912a60b8a0bf1e6

SHA512
f9fab86bce3e3aa2cc30cb2920caed3a3601ae71ef4608e06fe75722149e24922c4cc5c4c29ceffb12dbb3e308869286015d0d8708af7556c529e990df9bc503

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
a53918507a7796a6a612b58dfa8aaaa3

SHA1
2069e9373a8d09628bc97d65906647589aaa23c0

SHA256
4313086f2b5b125402e16c5cc2f30a8fb76956b56e7a337fc8fc9144d04b4517

SHA512
ecb55ab81009beb7a144e547f00b4d2311a1798c110194a542b9c7063a26ab9e1479db1bf22260bf9984341fecf757ac3a320eb2ba7cb85412f9dd041125b60b

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-wal

Filesize
68KB

MD5
88360307f0b2a9183be566d049d1a20c

SHA1
05d7d086c00d5ea146c93a822fa562d970b6153f

SHA256
30c840ccd465f00a8fcd162fd5f28e47d41cdb34f28e98ffa67a61502c70dd44

SHA512
50a6b8c4a3bdda45c52b995327a812031c72fce99f6bd791accf113db84be506e0b3a822c17a601b19c5ed34ee7ee654e66d6ed9a840ffb615c38278915e4ec0

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
72a9e21b19a78aea773f23d5ff88bc23

SHA1
139428ddc70c47dd02cc1bbc291a886e4561ba4f

SHA256
2f2e22a5fa1630f0be1369e6d57795f0035bb45e39e8231458a1b59b9ae3754d

SHA512
e9bd2128a409de31e82a146d5f8f30008979cd17156ea7e5e6f2ca0cebd04ade362dd2619f1caa6798545d419e0d91da0c95ce56fd21db770411cca74a641aef

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
42a3609ddaeae3e03a473e282df63b1d

SHA1
74bb1729787ca34f0f62e0bd26623db7c71f3e16

SHA256
17831a1e2818f8bf0ec0ec347aa38b19166af22d0a170129416727a9ef871cbc

SHA512
8c21284819abf9afa87a80dc1809443b069bc65104a12a95ebda10ca1f24e86688cc30cb2882013071b1e75592498da243ecec36da622029186ca99603a893a1

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4225f98aa41c2e9dc622ce8a45137c38

SHA1
90d90c078455a75bc87b3ecbaddefcd53137e7b5

SHA256
40691ec395c7ba5b490dea8724fad093e2d56b5e1a6fb464d051dc5b55411203

SHA512
bdbcae9382bf0faa3ab0ad9f7ca517c6aa3d7b392ea0ede9db7fa9368919ecdc27d2fbe6eb656883c9f6be7897f1a7e5286a43608c2aa17c631f77af9450573a

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e5189d14ae3fc73ee3d782ea8ff6b1be

SHA1
e9cd047c32d3433686d5353a9597cb43bc163e94

SHA256
887963923ccdfbaaa9360384fb818480947f8831257ac85e0c2810ce04fd181b

SHA512
348f4f7e4d8485c8f6bed50ea5dfdf25a193c02e6edc7266eab166d39f02d89e679be8ec212c962cf9dc3ba52dfe2842739c3d45a386d1c05854f1d041b27af8

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
87cb9139596742358c3c3c255a7eb83d

SHA1
4c828cd7ecb820c49388be23f7044752b2a799a5

SHA256
3efa205c621cf97960f5c1b691931bf0b983ceeebbf1833b6fa0f9b1391a1593

SHA512
7edce5c507f0c3efad1c9fbc7da751a2b11de32fb23e52f21d18cea525e1172ffcdf71198884a0a5c88d84e3268d8125815fe88f78743d9a2b2fb4982a841b2a

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
2398d0c294d6819456c5d37b4aa2a225

SHA1
e3d40c0c7f3880380725fe2da193c639b93f51f2

SHA256
e9472b5ee6fd01bb54ca4fbf26bb77b25ea6577b817e7ca08a5cb4aab56179a1

SHA512
5e53747b74c64d8d86d7e6ba2a95bcddcd5d93fae895ab42d61a7b6abc2b7755d1dc551945309bd52554543832eb2232d26c36fff4cdfeecdf57520721efd314

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
40f35e618e9497e8a1805777c3b1d1e9

SHA1
0e52080b08ba354e4fd1161ab2e5715250a51b76

SHA256
da06074ba19c9604c63df0045bc250b4a0fa3c223ca28713e10a2b7882f3083e

SHA512
fedb46c3bb18a14e667f500eeae321c3e6cf7546f975e419812bed90cc16b928eaeb9c827a382c9c5092ddaf8cdecc660b1383563461f7c37af2796bbc7c03d2

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
c4b68d9a6f388a1d7f6189e5a0e02f8b

SHA1
fe65cad27aeeb25a5ff704afc324553f0ddf6584

SHA256
061b5f773344b2c87c4e93a38069588368c00a7b2834623f95151ca9b08c6db6

SHA512
c465be9e958c1e6400e3fd3f91d4fd67972820a3563f6b15cba6eb45d729e90a285d55f5e6fcbf4841ff8f65e6176db8cd38bab0f4d3ee0c57a45ae3d05aa812

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
6f436ea3a79009169b54c1b939ec0da7

SHA1
f80807437221b216ee49762fef68adb70e4209c5

SHA256
b810d255be176a4f0fb31213d1eefef6f7bf9fe3cdbe7b859f8ff88c8bdb2ba5

SHA512
16030f340c0e588625b8f69a4c87a6a9209462de3a9124b5ed27ba774309c6536c860b2ade70f8a054d02d11f71290e5af2594cc2bf14757e57b3b0a3d08ac80

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
15d906f4dc38cb8b0f0f4b5563c075a9

SHA1
7459d9d6713308e49ef747886dfa74fc6f7a2317

SHA256
312878d6e0dd851253586c60547e99fef0544855f212631ddb1895290897473e

SHA512
a508753db3baa2f86296d639c24be3c33d4251627a4c6ccf310462df771a06a4378734acbbf9b4c60cb488a15ea63b1d3ecdf83b013a96556553edea4e7f25c4

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2a32028792f66b69a9656beb8f47f727

SHA1
c2bdfaea4d9000fbb70c775e95b6ac4264a7efa4

SHA256
7e41a664ea953831ae6d50bb84ea8e0fcf31c74de3a4ed85af1f354707d9913f

SHA512
b18bef489d71f10d5fd5063bdc652f1634485291e5a3d61d53c9b860290906b3ff376902086185159017b7fd39e31c47bbe3259498b83b23577b479170bb7690

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
d1586c4e887bf59e68f8a679c477b23e

SHA1
a54c6892aecded5f7d6e488cc2c1dc131560bba6

SHA256
35ee2b44668ebe03e60630c95c999c10abf94d997d07f7426e5810f6bd25998e

SHA512
7d00f53e294eaeb8d7145355a1c584dd59f6ea231ab42d5b8ebdb92b55ad699f46a1a74abbdbac255b74ee49373f1a929657dffd9499ceb7055fdc2da27b1585

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
710B

MD5
1c3d6617223d184ffc04fd22a2dd580a

SHA1
e3cbcad55d5a050568d3c6236951440811fdb15c

SHA256
14d311a64182b0d15b8cfdc2034908ed01be83fcc400e2a65413838937c56c27

SHA512
e507c928b67a9d40d7ad8a143d88c508f4869c5bf5dcf71dddf1a6b683194099f6616972b949316440095781fddf1a9a4de1af11a69a3eac1eacc69e86e29a23

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-662473260372000110C1AA2AACB3B8DB.temp

Filesize
434B

MD5
65365ab438c11a7f2c9b7eaf513d16e4

SHA1
984b6dcdb53a2d47cf251ada65a75060957bbfb4

SHA256
6f85c978fcf793b2ef5194c9c11d477606d6cfb584dc23c4861fde21a0e54719

SHA512
eb8463462ac5d11234d5290c078b1291a5e54b8ff3dc16c380b9342b47c08b7d4486fe43ed0740bf1bd37e0f3e366b922696c05aca1893facaffecbd123f0e73

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-662473260372000110C1AA2AACB3B8DB.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/662473260372000110C1AA2AACB3B8DB/report

Filesize
732B

MD5
a91ca97c80c525303e35a27c99379279

SHA1
5ef12dac4b2f2fa838f027a1fc8792bdc666cb39

SHA256
3260f7e56fe4f4a8d1af90f6cb1e025b159eb8ffdd52d5fbc6b3519339b880ca

SHA512
15da7856d5ab6210a02fe182938e8b17a71ff0db770371b024bf746691a4575f1d58f5844257b24eb6734eed3f2a12f1924cdd0251a7ad70ff320b05485af21f

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation1014581838842483699tmp

Filesize
90B

MD5
84e673aff6c24de56bc8eaf169072345

SHA1
1225d1f31d1d4fd5c675ea9f2c0759df9e7654e1

SHA256
d84e4e746cac31a6f952798d593fdea35c8d332c5bebed863120e430fe8b20da

SHA512
c39601eae5131875305b847c70be376b2634070446926021da402a6140bdb47a2823ef6730df57d4a5fa1462ca7a3af1ce4430560de3a61bbd06485418bb070a

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation4721624050244672386tmp

Filesize
565B

MD5
138e8b42d97aa3be9b0506436b7725fe

SHA1
4b5637e13cb4a57e04e0cd92014324f0767aa396

SHA256
e5f08da289c8ba2026e844a4a8b21f1306e6dba17c366852f58325b53d5a0296

SHA512
7dee50a3031b42a83a57e244f80ce3898a4126b627faa157d2ea9867f554da77f4c34a77408f204a45671011e8f76227c9ce1e4d9bc129389fcbbd7b03acb518

Download Submit
/data/data/app.EasyLogger/files/gaClientId

Filesize
36B

MD5
5018b6a8062fa2e4e21024691a2ff3e0

SHA1
2f9781bb43396862c5c97de4e50865c79106ba4f

SHA256
4763bd5994ae0c207a288aadec81804c9a9dbb8163948491598824edcc7b7f8f

SHA512
72dc4c4ad9dd7e04494eaf08c2f09c588f5ba7505c73a03f1527c730b3ba930904b45c3a6d8c11bac1f204f8ac8d866e824ff4c7ef681f4c49a12f87139fb16d

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
a6263b931f70784a74288e0dcd658387

SHA1
2556f9f989189e2f16803f1095e624e984ff74bc

SHA256
64eb58a6ca7bf1a10bb111fce904ddb3eec2dcc4b93969ec83b92ea825e471f1

SHA512
f839e56e5c2630a365ad2528fd08d44b0947a3d1f1682f21e95fdea55569d831cba3668db4342f3882030618c56c05bf4312fd19856e154e5d734c7b5103a009

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
3d13789d1830a8bda1845b5d8c3ae00c

SHA1
c0b7c963e3bcfd24f70c379b43343d6a705154e4

SHA256
67ac452da6d32f0d4b60ffcb1c2af951c2ec2e7fb43971e61c5466483d7361e6

SHA512
fedae6337dbb5d6e3075214d55308fd467200a4c7024faade1238f1c6ef9280e41aa78b54b5e45be6a96f484aa065fa2a958c680401a05240b349ecdd00ff6bf

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
5264e696ff8d368e5acc36f30180f216

SHA1
43dab1214c29ae12f249226fb8ed9adcbee0487b

SHA256
98c0e65ada3f275137e23603d759cde64d2c9cf4eeaddc01ce10795243def15a

SHA512
fbeaa1187bcf2b300c780f7347456ab90d6772065beb408f136116cfa40d07828413506b22cfddd277f9eab4748372178c88f85740ea7f4ac9fe7be8dd892a90

Download Submit