easylogger | 798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae

Analysis

max time kernel
14s
max time network
154s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
22-04-2024 02:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Size

5.8MB
MD5

1398c9c6999be6f56f2364ec680f8557
SHA1

396c173b4c084afc3a2c89044ffa42a3f0e4dad4
SHA256

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
SHA512

49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
SSDEEP

98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A

Score

10^/10

easylogger banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

EasyLogger
EasyLogger is an Android stalkerware.
trojan infostealer spyware easylogger
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	app.EasyLogger

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	app.EasyLogger

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	app.EasyLogger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.EasyLogger

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.EasyLogger

Checks the presence of a debugger
evasion

app.EasyLogger
1⤵
- Checks memory information
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:5021

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
133104ddebc772c4e38c4e8fa89565f4

SHA1
70ba4ed38aa0c3a2b49871ff3e7872c6a6177f42

SHA256
260945ddfdf5bb43d80ab9738e8c43c8b640b83a6926a9a94c5fad018e13f1ab

SHA512
064f9f3f998f0b74291c01e2c0ac5549d46dbaa6dd9e53a3ea0ce25e7f358bc9c3b79d0bddd96d310b8402844231a4e48e4ec09fbe4f3be90692aaba8d28b734

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events

Filesize
40KB

MD5
15d5b92dcbda7ef7f9ca327a903e46e4

SHA1
ca153b66028a58d90346ff8abadbdf01b95c37b1

SHA256
e802fdc1ccd833b91d80bb1d8f54cab2b585393e6a07622c4d9feaab07633370

SHA512
2352f167ee5aa37cb3438a0a7df8f632771a1d019c5cd120fe62313fb73aed6d0e09186a9bf306a564371b846a8da020f6acd7aede0cc47ca50701611fa84aca

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
1656cabf91ed52f2ab2774aea0d76f0b

SHA1
91262338ce8ada9049d97013ad25bb537a1286d5

SHA256
60ed95e74639456ad6c49b994603789b200ab2b1c5be5efe6b8b47895c028734

SHA512
48043be988922bb099415d61cd7fe94cf2ee6a7ca3af826dea2376e1bfeb81d2b047dce5bfb4b7b2c9b0475a1e424a17511fd8ab5e7cb1fd6447585ad3f4c113

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
7952665869a2cc388d921c14aa0fc792

SHA1
14d89937a97fc2f34e1a68b05bbb1722acbe5e54

SHA256
f9b9a3561e00921873b8a11c48ec4382a8a5a4ce8d1e1fdf9305a9b99e56b32a

SHA512
dc9e9e80b9f791025e1c354424022ce43d32c0becfb5d84ed9f5775e8b5d91ce3a6e6d78a578665bed01c08492d9d87d7fe79da8830d27f7f7f68df57db407b7

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
9255e2e30736cf3ee11bfb1035f71feb

SHA1
779cc4bd439c122ef6ef4e54b799c94968c690ef

SHA256
cdb9647a32f680ab69425c4dcd102bfd376a335c5f54c541b689d9864833e51e

SHA512
be4059553f74b0441f7acb0ff841b14bc94190f8eed749c60510164a9858165e2ae91e78d38fffc2abdf29d466ed8e2c3d08ccd8e94f4c41afe91784693ab848

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db

Filesize
28KB

MD5
7fddaea101d0f9913c1c3d1d0e98d9e4

SHA1
500ce85032764516f9ddd51c06e7ca58d99a1491

SHA256
fb6bc0222b1a73ea874e830b004255b1d7b987b12d6fb7113cf3024232747e23

SHA512
fd57554bb0fc068e4d4848baa677cdd19a180e239ad25afa20175ce661c058d2b09a7d1414ac3e3267e939d55095c6cdcf4b6a67c684d70f9eda8db7e3720f4e

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
b1e1b3756c1ba032f6adaa588433f86c

SHA1
8467a9c1a2eca743ca95fb9e252014b7a44be550

SHA256
d96053dddddeca8bd5c25860b565bcd0fc770dfaa3c30a0db66d8a6cb183ee8c

SHA512
a808ad8c675d9ab4371fe52f769818c7167e3a6fac24d2664c8f543dc1bad03d348680ecf5980612ab47d8d3e628e38ab9d6642f8c9fbf8826837a427ba28d3b

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
8KB

MD5
0502ab44e0bf95b015e98a2341f19d76

SHA1
ab4c2c99397f19cf30bd8e675a0076187597c777

SHA256
101484f03336c4b760c9aaee2d7f33900110a232a3eaf3966f51a76210edb729

SHA512
d71b686a3ca317ff651da4e64c1d35951e8f16cc8083b4f88655fced125947dbec3c428178c843248fe8545f5d93fcc62ca5b4b4546c5bede3d1f82ed75292c8

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
4KB

MD5
cf655bebf17833b7e40084b15b946b85

SHA1
366b2879e86c2449b279a9ffc852c148f7c3f3e1

SHA256
6df33695ec25be6808dcb9e73b0aa48ca8efe5eb96c620e45fe4774e5e63d9e4

SHA512
88da72bbe5d6a682f14684db0b97d058a8086ce1cd972ea5c5349882ca33bd0ed466c620a671ad5ade7715d338ce70be01532aa66ee6e4ab793ccc41de56516a

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
8KB

MD5
c5d6b5ccf523d3364fccfcbff6f7f13e

SHA1
eed99e25772237ff6d83743630677dd3ab3a32cc

SHA256
7d4f18731bdfd22804b9d0a8586c649c63b001d6c15ab1740dcd94d58ac3312f

SHA512
515ab64721268e6393f94c802cf18742535aeee94cdcec08338125f213c3e8aac48a4f566e2dbde74933f591dcc2f98288cffbf91d8c5be711d00e525438a1af

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
8KB

MD5
296b90ff40e5a4722de440501bf5af3a

SHA1
bdedf40283250c1fc1e267ff4ae7a9c416d4b129

SHA256
a16fc53bda1861021b0b1653790b11f58d6f64ce0d63250d3349652692c06a5d

SHA512
2d5e05a75a9f3a8ea57ce2ab40946721ceb1d6f9959a50add9f5bc9196a1008a0481f60c54574f069f7b6d339cfb21340608dd024e64ec8c6b1dd16f01d4e393

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
12KB

MD5
31f31e76ecbffa0ff2eb13d864a78d09

SHA1
5187c169bbc54914e72cbdc350a7b2248b9f5c7b

SHA256
e2ca553812180d179d9e455775ad03964bfba479db8c9ddd3889b766451fbe38

SHA512
e30a747c3669cd16c0ff607eef0669b706146a52efe2602dbdfbada2edc5ab6db139eceeddb06c6397b437a9a762c53f75e4afcf9d64fe5f6cb04568ea71a3a5

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
32c5404169291a43cb09b968f83a96e6

SHA1
435dcc00fedd10c9d3d5d6848f23938f8d135316

SHA256
f01b5093f65c45742056a23b2d904ce7b29ec9e12a9282c4cbe919f32a1bb06f

SHA512
fd41675cb9faed8bf004574282c93eae34516e1bdb0d585ec5380361da769684f1cb41531add55f9c5dd6d7842ccccdce5d7ec664bd75864de9807af5afd1f4d

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b5ae586e46ca57ba8d9f0e0a5f1b9b0d

SHA1
d13f474a1412ddc8ec0394e470a8d438575ea3e1

SHA256
b8767611aa860dcab14830842adeb35a38cefaa6f9a5e878cef4e522ca2c048b

SHA512
7115ae829432fb8d9858d1852f045392ff4da863a0eb838463ed951b7ec043e5c2a1dbda1e1269d67c577800e375bfffe57315d1c0be5e690d6bd28efbfd2f1f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
1f3eb342e969df7b7255ce0708c1f4fb

SHA1
cb7a71f04134c505a3f725cabde6725be2b5fdae

SHA256
db713fd8233a9194c6c9cbda54175c8de9be9ed0e000ccab9d6853ec307015e8

SHA512
c703494ddcb4ae80be706b4fdaee9153c3f9b0c07f704cd76a6011025b69d54b6e4d47d0a8f5d8b6dd461668995b9551f4c4e3246d964b210d486c5aac31593e

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6b6aa9f9b02fbe6f38ff3b6b95a21db5

SHA1
416d4bcf5869695a9588d7b7f6cebf095b13c701

SHA256
184fbad481a5d392c85a3f9d78714c5db22ca2308d12565407fa5801c7f0e8af

SHA512
6a6dca4102e7dd68e44cecd4af450d97b5154a01123995375f158128f766673aea3ee3b02fe8ec8de66faed024faf489bdda44335774524064c8c7bdd1877ff9

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
fa4dd57a6c2c68d538434435c3603805

SHA1
09ad7de2f954e9d54f59eb00b3d1fbb553cbc09e

SHA256
4d026b96d5185718f6bc0868d9da3d8026046021cfd1425dcacabd5687724cd7

SHA512
a854f01932624848e2a7d7f9a7e511d6ff8ffe842e9cf4d1824b91cfcbf71bca6779592d2e4f7d6a39ee619ebff5e60041be6c60dda48ead190f52dd00d4bac6

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
2130cb27f1c8cc3eddffd0c93557b367

SHA1
298234cdbf7c01e1418ee2764f0afe4d0aa06a9c

SHA256
24995e2a56427e0f5ac54c4dc849b8820d5723ca8d85b4895b5060aa2eedb23d

SHA512
f271f81087f3bee74b54ec80d1bc1ec859950c05304696fed7d4514e15d6d80a56e1fc389ecd0145c789a6211cf2c57f0b516418c9fd89c2f9d4414c02cba77e

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ad287a02cb7dca794e33e2bf4f26f9ab

SHA1
87ae062b8dd5e49dd460e7ec2468cce654b57bb7

SHA256
6216c17af7d451ac065d5e5348f0118ed9e562753185da230a8271da9cdb0736

SHA512
cc73c533a09078c6f684c783032def7dd88f7188533aa5b53791b75230e4d00a9722236fa2581fbb6f620bb8e9217264ece9ba6858d320eeb32a6ce8775cfdf0

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
5469c98af2a3a2c75224f29d653aa4b7

SHA1
4e227a7a1249d7b4d1d153b50ec657d2a2e58b99

SHA256
cdf2d52b66530be9ada2836ff680eec746bcf695ddbbeca2ef2f09131b79b6d7

SHA512
252b8d0b01305161ed848f8c20ab305b6ee9a72fc71080f26f14e9768e8d6b0a83daed8243d90e8d7b52aef49358459fca8ec47909c82ef477a8498ef9b36d5f

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
710B

MD5
f3fbcaf1aa6e1890450695fb3d332dc6

SHA1
15a80ad3d1a30e8a150dd979ceacf36a019efbad

SHA256
ce69a81bf4f0781e8ee874aee492f75bf6f4fef8373fd90c78ee5260393d1e93

SHA512
f10b0c9b2811c9bcb4d1abbdf1cc3b774d15bd9e80e47854541bfeb8a606478ea3a6d0bf3cc969ace7feb7df8abe030384ee9e745e04de84066a391e006a2ffb

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-6625C6BF00770001139D4924920A0ECC.temp

Filesize
88B

MD5
51fa0301f330f002a9c1bb2c7f74d976

SHA1
5e34e912e973581419f7711be4b5dac579c84bfc

SHA256
20879e9fe64e9eebd960dcfce71c5181188809584a029a9624aac3025e86031c

SHA512
387ffd0679c6a8012321708f7754dacb4cc36f2859dd4f6ba1b0554a7b896038d0d18c218998fa96d7eceb22885dc0964a1b90548ff486e21a7e0ac322b4bdb9

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-6625C6BF00770001139D4924920A0ECC.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/6625C6BF00770001139D4924920A0ECC/report

Filesize
733B

MD5
a76b1e0c9a6e25fee95ce56f7f70ccf6

SHA1
52c26e30e7d98b06150de29fbdd382046cb72207

SHA256
d8512a10fd6efc40305dbf3a0ff436bce593783533e49a4225621c54663792ca

SHA512
f6d8c081ea2122109c77468368cfdc60fb60ded10cf914addf2fcca7dc53bbde91ae1922540f96b03ac903808e1d5bbb34acf65d8f651fb725d1dd96c9d6dcb4

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation4579881897129113751tmp

Filesize
90B

MD5
3a2038f2288fea53a2939258d4c9252b

SHA1
a5addad51a833724e1eb83b243fa535c5cbcdb39

SHA256
385270cc31a1e42c0eacd91a6f4d27a333bcf011f2e4a1fc4d5ae0098e898a64

SHA512
6d2455030c502af4a937694ec652f2d2b59811e9ab82d5b2f90ef146fa709c2d34707aa80517905a3d691308aa1d4e6c63b8d8779c324d04e9db76146ae9ddbe

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation6857082819301232150tmp

Filesize
562B

MD5
1f9d7a29e4ae3b23d50662332fd659a6

SHA1
08dbb33c0b19d549dbcb12389bd105997f43c52a

SHA256
93d4377e2a5ecfbb72f597ca9d0ad86baae09970bf7e3531cfd02ef8dd2cb93c

SHA512
6dc48c6fd080e1634e6ddf49b5e88328f411b5cc203c1c3745bae39c28ab205b533846bc381ae9de9767549e70c8ac5d96dbbbce6afa54e568cdd250f6da3b86

Download Submit
/data/data/app.EasyLogger/files/gaClientId

Filesize
36B

MD5
161a509ca90dac6b4cd95cb5a27cef23

SHA1
4201d7442117bfbad4b1eaee00756ea2e98d1066

SHA256
6cb30bad955d0cbc8dd40c77291a2da202b1a6491291a8bd601abe8c718446ff

SHA512
01bc58616bdf21216d9a6994a2d3515156ff1386f957635a59cde8537b6977ce8a858def1bc9b0c9726863ecc2eb1b548e9ff497366d65bd7d8bf8907010ba31

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
0f1e89c5f37021c09bdcb607b7578741

SHA1
42b4d246986240a1f9c803859269b939b319b902

SHA256
46a37ae959d2dac462fc3f9e3579e6770f1232edc8ecab8d5ffbd96e8e8891e2

SHA512
35eb6c13d584a11aeb7ae7bd6bf31b5a9134b204ee486ff5b99d57dda7601945f038d2e60e57e55e3af64a9fdf23e39290c48282b443a91104eaeda721e51ca8

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
d81800b6a4f7df35a134dfc50e11a21c

SHA1
61d3bfa92b50cebcdac77fd25224ab5b5e379a32

SHA256
5e0cab26f6b2f06673627bbce485a9c091b8e75028a8ff5dd0f10544b75833da

SHA512
430aa611eb105b7c5fd13eae9387624c0a9a3aa5584aa360329641359ceac55736dbdf9fe5acf0b36d346afcc00790ea678e64b317b4b0b753ca973e85d0d28f

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
af356090a86a5cbdb0fa4a57f208f2cb

SHA1
d9557aa757bb6103cb9b7bd066175d7ae3aea994

SHA256
c3cea042e0fe79739f4fcb83287518ae7479173c1f7e80c006766a31564a3a2e

SHA512
3b17cfbbf6e2ed7129ed2870c57f2f95f93fd75e5b0ede1f75658ee040f7eebc8d0650d67d62a991697a898303b4db889807b29aef3dc0eab1afc66ef6c22752

Download Submit