easylogger | 798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae

Analysis

max time kernel
47s
max time network
141s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
22-04-2024 02:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Size

5.8MB
MD5

1398c9c6999be6f56f2364ec680f8557
SHA1

396c173b4c084afc3a2c89044ffa42a3f0e4dad4
SHA256

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
SHA512

49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
SSDEEP

98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A

Score

10^/10

easylogger banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

EasyLogger
EasyLogger is an Android stalkerware.
trojan infostealer spyware easylogger
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	app.EasyLogger

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	app.EasyLogger

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	app.EasyLogger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.EasyLogger

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.EasyLogger

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

app.EasyLogger
1⤵
- Checks memory information
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4182

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
0f9d4ccc2c7b64f9fee391af248a400f

SHA1
53621c66c469538ea7e51e91d56ac9aa936c7685

SHA256
4f8daede121dd580c33582ab3f5db971bafbe92c50d048010acac1ef6c94a26c

SHA512
5a8c9295174a654e89148b40e6b100864c6e6491fe3fa5e8953ec1d4c51194d759630c5c2f40a0daeb2199f81312624f991be54bdef2a786495e6f2b85357ba5

Download Submit
/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
d8d34c8b8a287a2eafac5430863a6a87

SHA1
d1dbc0efbf6cb6e0f14282436e11aaf3578511e2

SHA256
d7a9b86698f3135d48b006aad6003f99bd461bf85daea896265f7048b95f26b4

SHA512
b193ea6700aa6a73c4823719170fefe54bda298c3c43ffcbf4d2e3d378a6b4dfad7108accfe395c65bbd8a83ec480c4949f857980766a95178e4a246a5a24c18

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db

Filesize
76KB

MD5
247a9a1ab8a9d50b768aea16f443ee52

SHA1
1b8ef45ad7df4db30e70051835585e526f7fe488

SHA256
6c414fa302b351eb7df14144c5c36a7ddd181615cb540f012ff67005837c9796

SHA512
6285e17579d1253b10f20e00f40aa8432e58a0e7b0b080c7ed52eafabae8f339f250897164409d1bc6512359557545998042fe41fca2e7b4ead85ab26918663f

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-journal

Filesize
512B

MD5
418f232d1255c7cfc3cf19071f46e746

SHA1
e7eefed4d32bb5a1a83b35bebfaeffc1c2c2474d

SHA256
c5446e2bf3fcad06f34c7113340f0b5cd6197fb416c4cd20fa0ebfe5772dacff

SHA512
cfe5fd4bfdc9fe1b23018b797662351ff8875d9ea27b1ef56f0b0c60dd42ddff937a82618db7a7170bbe9bfeb79632ef0c196da353493a7adbc9c500beff49b1

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-wal

Filesize
140KB

MD5
cd61923e500cd8d10bef992a34e49dab

SHA1
a9d4077c81dc354417125ce11b7110b0af4acae5

SHA256
747620c5b9781fe91c985c4b7039cea095627c4c1e89a1925d93d98f2f88bef5

SHA512
f5b5fc7e02b18f1a1aaa5c4b08f1663b6622160adcaf722bd337e2d78517f5f4d5530944c81468c7b13ff442823a0984257bf7073461c5b8e2ab6981f5aec7cb

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
84c8d51c8cb9a9d6926ccebb0fc574aa

SHA1
436e68b1ceea0afd3e2ffe6d5f370eb48687b415

SHA256
afe12621c41661a362fd8638206b1ff4f9749b371591ee1e5321ad41a1382aeb

SHA512
46b10aba3e1bfc39c2050219345549e33a66ea0d8cec55fdae9ffc8fba6bfaf04bfc88af6209af61b575578ea8cef156cf0cec9d191e4dda68d201039c33add8

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
cc141d8e3601bc53287b137c99f98c6c

SHA1
f4d1088bd36a59f7f276ccdb0992f086ea2de34a

SHA256
8edcac2ed7cc13a2bf21253b29a276184397f5a1c8996bd263f9f0a6a9f61e0b

SHA512
e783dca6fd76a57f9f1e0a0744cd90d5341927b00a63cbddfbb1ad22d54528b74a64d579600080bf06a8802e3b617954abd737d9d155eab907fded2710176d7d

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
17b9d7f4b1099443043e4c7436be0215

SHA1
86268bef6a1485ff6c68ea9e5ac9df4b3f9b7549

SHA256
47537e4d1a2e496b840b0c81d31f24ad776fef7fa8492931c2aa7a3046874933

SHA512
ad6ef20e0d9f48a3537f7bf346c9d8d2f9f6bb30cf0158b925092ac682ce89c6750ca9878bcbd08d17385226448a814184d9e2324a4e6c22a572cd621c48306d

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-wal

Filesize
68KB

MD5
c8b68bde4073e9f58bb502ee75b0a740

SHA1
7435551e289290e5e466d326639b2626240ed46f

SHA256
e3aecce220e10b70a2da43094883e2a24d95925e9f6fbf0974d33d2515413c41

SHA512
ca5bb1cf033a98a360dcd90b496e685bed2a6973dd559f4b633f2531e652b7de607ffbcef0f40f35e047d19ed9fbd3002cb102c5918f637ee81ceac3c723aa5b

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
462af5e4aa39c2afdb5171863e512432

SHA1
95edddb9b5b230a8f8c611c5852fed2a18d6b9a9

SHA256
70b18e3f3f93fe837215e37254504fa8859d59912cac6398ee9ef54439ba78e5

SHA512
9eb03f3af18e37f85e6aa2879c0fae50ccfb3f23d54421457f9b0ddde3858ff76ba3dcfd1744f48e1bdb655471f7f11a5b4fbc7fd3cb23634655b8276f601c70

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b7ea93b576b54590565facd523c3a885

SHA1
54d5e9c685a3b91f8058fc9ae5f5ff02cc49997b

SHA256
7eb4538c7355ab696c8ddd80c1559544a438eef0f5fd7060ea27c7e562ef1803

SHA512
5a043175749cbee9ef0457b5860518f0702ad998aa9198ba31a67432ed184ca677e75ac63781ee53eff5ff12bbef8b6adb6a763f010a0fe24f64cb5d56b3c587

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3dce6d1d5ab1a4ef7de6234dd3f1b2f4

SHA1
97525ab7f0ab2931ec3490736d3c82668f35ca17

SHA256
53584e63210c9e414ad814d7fe065112aa1a4ae536654ccdc6f81c329aca0872

SHA512
d4117c79c9bec51b23d4b5ea141b74b90a8663b5df1f872a5eb967700a12b77f8bf535f1ae893f94c7a33f0b29db509c1f4936b215bd9a7a8e84a8cbd0876d27

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3bb0d950fd65cdb742511e4249e496eb

SHA1
588cba51c4dc6db20668d4564133e49dbbf70b74

SHA256
94830188a4250ba4d088685f5e780cade8aadf884fa59b03f5aec54c43bcf627

SHA512
5e89f6d8885364fbb46ba55b513646bb349ddf7cdcb4ed3a9de13ffbeedc47440178a53bc4a129d8f73f24ab9a7d19187b2a7cfd690b7f65ef9878d597d50902

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ade57a9892c105eb146676b760e41e1a

SHA1
4ae761adbe22de8b6979c1e3b6f9129ab8ff2c11

SHA256
273783621ede4e3a64953b0f7bf0d9fc8ea1d76a0d3d822f94f568a1d9a36eb6

SHA512
aeaf10d02cc568f8f5a09a713bbfd0ebe83d7fd2f66903bc8a64e75ff83d9e438fb937c2f76b5424e540b10f6260ca29477d8eb7370f35cb3ba74ddf7892d8fc

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
25dda4c07aa04c72f0098b2f5c6c63f2

SHA1
7544d025b538d8a833bde16733367ee9faf2c741

SHA256
3628a1be1883a60777a78c61949d8a84cda6c3433dd5f7ba0260c456d19df226

SHA512
4a99189398342017b4bda46e90118194bf8b5a4c5976a352eba44ef8ac0309a9522bd21d0e3635ebb27d85f6e8f1751807464debe9ce2f80d03f5adb789a3864

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
595cfc8ffa52b35a65e224e15235f990

SHA1
29023561eceaf3c05537a87560bdd9290aa09c2a

SHA256
3737e78648c1b06aae214a985693b1c7afe1d3046e7f9c58955e8131111ef839

SHA512
b4b69066ae9bab14da8f945c40f69e93e6bdc02500d3014b18f53b787ccb62840c00fee80dfd2adeedf5fc49beda308816ad33911ed04346271c9b8eae5afe87

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
fcf06843db53c53aebe75723e44c7504

SHA1
7d59855050df6fd158a3244905540f79002d819d

SHA256
e7aa174277505bb93bf1db571d04882d487f772b4fbaf9b0cdb70913ca783748

SHA512
2ef05cccef90da9bf0f25a8f95271f8049b935c3bda007acf26e9eeaf760c77170315acb0f37dfbe050a6228805aef2d9b8f12b5efeee05bb7898f960b6c87f3

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
4c9be4beb9ab3603adbf854ef47e0f40

SHA1
637db32c1559352416423f008011add21d19fbe2

SHA256
47af992d5c5ef7c984589054f4a9bce16f346b13b4ab4c4318e83498077f5170

SHA512
87291c3c591a661fe09aad6b52de85a89de8a06da747a9d7b372fe66c0101b6895646d26b47687ae8885e7201cf9cc7c3953f377a5f4ce5f98c6be9a2518076a

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
f32a5a45ab0806d95989dafcb4cfd9a3

SHA1
7f5379cb24520453054d215e221fe91cca2f76e4

SHA256
6211f44220f6eec9c5f18d97907dd96bac3960f0aab7645530241310861e41bc

SHA512
613cc810dc47493191149a01b0db553b4441c52d99861be314acc627669cd51ecd2fa1f796f217d2f24b8c2fc094c7dfcd246cb6eaa13c7149ffce8d5f37ad69

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
b74c4bd26e2b039b0a6c2ab708f840e5

SHA1
5e7eda935916401dfa9c5df79275343ef5b722f0

SHA256
91725afcb228e9d1813eb8ee5cd5ff54187b9712f4d54db1c3f05f18b0c65707

SHA512
e2e632aa0afae30c2b59a48d74aa09dd1c4d138b052701f34cfedd99fe3f843b63208ba29cffda2f4a898015a92a99b15bae7d653fa8290bc5c443f843a9bff3

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
931d9859ca6054e80d7b7cca2c95fed1

SHA1
4a8d590d2e51943778835e2629eea1e6646e91e9

SHA256
3dff83e2e5e78bb488c3d8fd44530c221cb53dc0cd0a442742716fe70f3232b2

SHA512
2b22407815bb67c947d131498e8f7bf09f5faed6b83a0bbf4f37800819739f47a1a9a2cbd7e999077a63a2df0ed8746b8f6e8d8a5cbab16aeef5d8cf800c319f

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
710B

MD5
afc7e8fe6fa441deee4ed6c8258b33a6

SHA1
e66c15b7c01ef18c3e91acd37781db13eeac4d6c

SHA256
f7ee51ff5bf472de5cec57e9bf9e7240c0fb807a7c92a424ef945e9befb99d85

SHA512
cfe30e1c8549d752ef30023c700dc64542241b797ab4d41076c011241f82eca012c3313bc1830ec4f7b6f7885f8b55510baf8fbeb13d4fcf0e8c3e1f83139444

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-6625C6C0024B00011056413A9AA0A338.temp

Filesize
442B

MD5
268dbd74bd2c8879981742d01c670f42

SHA1
0aa713266c024de2645c8c6c1faddab007971654

SHA256
1e5a71a1c3c098049c98d0950f646ab60b520c751c81426df8f56f89a3d09171

SHA512
627c20168397259153622a85059ebc00fadf68fb44028d96534b771edb58d3fdfee4a85117fbad8d152fb695b9d143d907271bb46778b29e5bf67dfffcdaf3fe

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-6625C6C0024B00011056413A9AA0A338.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/6625C6C0024B00011056413A9AA0A338/report

Filesize
732B

MD5
cde7d8413ed23e5befc94f0b923e05b9

SHA1
1c6619d08a576b367fcecc3826ba95621efb9414

SHA256
c6e8ce4d561cef9de7e293f44b8ae43399c948f3d1ad99b6d7ebc1e232e7131d

SHA512
ea097e60f4e6169c0040bbb3fb1c36cc49d6c2db211a9b1b5f58cd019234553ce96f297dc94f7597da6efc4a4bbbbdad469b5c55ab0445b5093385f2350f8ead

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation4993030009354370829tmp

Filesize
562B

MD5
d4ab163a1be9422424c835b6d2076623

SHA1
f443ff7caffbf72cd53255e1be76fe8bb59aee23

SHA256
f677dfda832091bf07d9c43a5283770469dc64b8ee36d1b4db6cb1b95800dbc0

SHA512
b336b6383bf2fe3188574fc74384ab61cddb1d7122ba345f750fa164939eb167da94c7eb40bda877b01f4ebbdac0942f7bde77c02b8538a3a1bfb673480b7123

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation9119275807692832149tmp

Filesize
90B

MD5
c113fc6928a5a4dc650c6cb4ec57f9b8

SHA1
ebc9d724d6203f3a2e9891a1626222005d945f8d

SHA256
a4ffb7d69706d37bc655db01d9b45a5ed6f84258388933e5282c351f6fb533ff

SHA512
13a8e564b32a74880953c843fc08626548e26a5231610a254018747794ec789442339c598751ad56c41ee5518c89947932630f466289c499acd312be0c7c8a11

Download Submit
/data/data/app.EasyLogger/files/gaClientId

Filesize
36B

MD5
ac33ee11adb6463dc69a922deb11fd5a

SHA1
f57e649f886d796fc3661c4e937fe145557fbc3c

SHA256
41c1e2d91bd6bbaae47460979aa4b159eff73daa54e9d90c8feac2c556681e92

SHA512
45aada30180443d5f693baaf31a57172ac9a5a8213a5ea9f146ec3fb7d934e5a3b4af27005a4aee2ba29cabc04652d7edc27e70db99f5917491834bd4948843b

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
274f4ce356392f6730bd3b88fbb84b1f

SHA1
998da18cc9a7c8a232d919e6f0b254de6a32413f

SHA256
18fb08f4523b30f68f2ff7ec627dcf65d25e41573143f55e580156f0570116a3

SHA512
fb80e1e6cc5cb27bfc01219c8b2cbe41a4e28bd10f0d71d52b65120ea49c07dee657d411c1ac1a09f9dd9395e6f950fd30b39d9fbe18a0f2b9f30db916517106

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
b8791593fbdc9ed9d9111db379a7164b

SHA1
36c7d991276a61f862d2decfcb10d906828e0282

SHA256
d3bc836ca79f687814d6dea9741674d3cb5f5e6cb0c91d653d259711fd0cc419

SHA512
73b7450c341ec00ba624dc60e659b2b43a0b405bc16c52136721ad15505c493d7b177930cb97b571865b815a4a2d2f55d894f0978453107fe6d18922a7669107

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
296bbaabfc4a9181d4b006f59d8ca7cf

SHA1
39a65ee3e48e56881e638797568ede39563945a2

SHA256
b64be4d0bed3851f048d00854f834b432a7ecfb4fbc0123792a7c404b2dce7bb

SHA512
ae74e7b9cff1113372ff997aa3669a789ea924024c21e13ecd1e72f6fc311a49e26cd7fdb40d4db8b7d94a590355942d130318c8eb8fc94d744c7bbb99c70b44

Download Submit