easylogger | 798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae

Analysis

max time kernel
47s
max time network
138s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
23-04-2024 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Size

5.8MB
MD5

1398c9c6999be6f56f2364ec680f8557
SHA1

396c173b4c084afc3a2c89044ffa42a3f0e4dad4
SHA256

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
SHA512

49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
SSDEEP

98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A

Score

10^/10

easylogger banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

EasyLogger
EasyLogger is an Android stalkerware.
trojan infostealer spyware easylogger
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	app.EasyLogger

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	app.EasyLogger

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	app.EasyLogger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.EasyLogger

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.EasyLogger

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

app.EasyLogger
1⤵
- Checks memory information
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4460

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
12b2516c5dc2d292d7c1c635c84c9241

SHA1
caf8ba25d3f8266f198c783a0462ac6ad9f305a8

SHA256
d4efae41412fb341e14cc65f8e5378e6cd1bd215e8de7294a4a783f197d27adc

SHA512
4b0223e08ca7926de203991cd1f2c5507a7f22ab972075d03e95eb156aacb047904a445ea417112a1c52979c29c801d3326e6c4a01f20d8150aa6bbf17c893a9

Download Submit
/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
292831f42c6ea94b9b6bec4e49c9de93

SHA1
2e59ab9dd0abb6ab820697e0185af7e4e7aface6

SHA256
57aec33e7e6b73909c14cc029c003864946f2e5320d9a83ecd2bcba706131a77

SHA512
9914877e2aac93025718edaa1f74dfb3bad68343c5cf8632585d57bcde8f435be5ec9fa733315c2e1624760dc21d1fe39422cd97a3c7885b328654d880ac7113

Download Submit
/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
dfb53912b6b03ac92209da9190520865

SHA1
6884a161b522118484f654b7d8e40fd95a9201c4

SHA256
4e994ddd0e231a5737863371575cd1f5bcf795bd1a4937c3fd5be8419ecba8ce

SHA512
5c13995d493471063f0b86548ce86104fa9e749420467651711882ab14bc3b54d4d854f9bcd4dbdd875ac97c7900d9a2c3a7f6def721a0de22baec581ed7bda9

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db

Filesize
76KB

MD5
247a9a1ab8a9d50b768aea16f443ee52

SHA1
1b8ef45ad7df4db30e70051835585e526f7fe488

SHA256
6c414fa302b351eb7df14144c5c36a7ddd181615cb540f012ff67005837c9796

SHA512
6285e17579d1253b10f20e00f40aa8432e58a0e7b0b080c7ed52eafabae8f339f250897164409d1bc6512359557545998042fe41fca2e7b4ead85ab26918663f

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-journal

Filesize
512B

MD5
667c79049698eb2879bb3e8180fc427e

SHA1
4f6c5bed9fd35b3db69e548729dd92223e0d72f5

SHA256
2fef4693be333967e6889078cb2c380680c4850d90428353879aa70df7a75c6b

SHA512
f127b220b5c96e5aa2adb390ab82266fe097312723d131c23fa747bcf21d243a3310a71d386d9dc321deacd5fe843b457e33ef82af650dc53dc433d19eb69d57

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-wal

Filesize
140KB

MD5
fbe3ab4c670f3a4b14cae9dcecf0b71f

SHA1
94f136dc4deb9ef37402dba2861889b419b21569

SHA256
1e5b8b852f458ad50ead484e8ef3be542c9f2d7285d8b681243570674840a276

SHA512
ebb378d6fa95a645ab6f9cc986719bdc28f0e7ae10e8beb8e0e8f7ffeb1e546d6d63f9c2d8328a4cb101680899138a28240249bf2ad766d0d498bf8d8077fb4d

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
01f7f39ff68fb2f7a8dd61c47f2ee8ec

SHA1
63f65554407e5d98564b2a5798244949b0bf5770

SHA256
b0f3dfef19b1477a427f2c5260a336ed704be87ae7b51b0715d87676084a7ed0

SHA512
5016b6c95c885c1b8257136dda7c6cb946cd5bde24dfc9d76347c03fa2bc3e81f1ffe505c3d86415b352885462215480229bbb1d3add676568144537b43f8a5a

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
dd4f955264b1d429104afea5dcd74892

SHA1
1b06cdbc9eeb0cec9c1e339e4243c76b791cd283

SHA256
e8a0b1dd83e0fd4c2832cb96ce29e87de6cbdaffef0885f5bed63c11b74fa4db

SHA512
daa84ae5044dcaa173c9ba5b9ae122aa929c9a1f651386f78766bd589cbabcd01584d50da057c7783cd2d411f21d472cffdde293f1a7eb4d3e8a6c6cf2354245

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
0786a865eac88313a6bd8c6522c52645

SHA1
6ba140b7f7717178a18a7f4e0259caebc68d5cbb

SHA256
4d4d4c5bad2ee909350b8698c93a64e598dd8018412ce646da78d0fe0a0c8208

SHA512
5dc715808b0ee54cdfafa8985b500a36c1df3834507a1fc2d4cb45abe8bd9bf09d033d5531cfb32f685ffc707176264f1a571c01fe3e7d9519fcf5f764512070

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-wal

Filesize
68KB

MD5
8e28086496b5864c676345515979ac63

SHA1
483b716da419a2e9bd44b218a21402fe25781b11

SHA256
54e71f07dd2e7577ad01748d781f1016c5e02b015a680952a4fd193d705b83ab

SHA512
14024549978f28466aafae3d40ae94451c9144f8f66656d818a402f6b636794a8f419db679bcddb84e50b57aa52b3b46ca4d71da14d3ea94e575ee014a3dc9d1

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
f8b0fc876b2b58e3295387e4d10efd1e

SHA1
31e4ff1d07647a8927d666741ecb17a05aaaf9b1

SHA256
78dca6e03242ac2baae2cec4cff70988d357ae9a029c6c6060191a52a04ddd9f

SHA512
9c16921f17a504c3a165d055026fd898193f8fee9313c7e5bef87680579208df393ea7e0c338e87dc066a39ebb0164bbcd2ff9a12d81d061e6f2d7b7746ff376

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
449a61316ba3e177329670eaa4ed094a

SHA1
3f38c4a444ad3071ae501fc646ce91bff35d6cc9

SHA256
f08242571d539bd61aa83a321a65a8e1305e4c4dc9ca9b2da07dbcd1031cd54a

SHA512
b884e3695cad6f99d1e29775df6d49f6334c0bb000626d93aa79506c1384343ca7cf61747e6c6479676a880cc44275fdeadb98ca75c65d3788f10dca694f289c

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
1c919dabfb37192dbd7595af0d3b5c1b

SHA1
981e8e4d1bf1c031787990cd43b26d08a727cc1f

SHA256
a2524961270a2d7190ac7c746a08492126c662ba77af158da1e24555cc5651f4

SHA512
a05c27be089a1242d63de162958bde3ec5157608f5be15e39c064d417b60fa527d0322a3255d848c61f2a5130ed3b44ea5a5e2b865d6ee1789cc9a5d5c1ceed9

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4cc4d87b77f7749492a4d950819b2aa8

SHA1
de57db549875ea1b3bdfe6ac86b2ae404f68a798

SHA256
c0ed0bd295b9d5bc4974891a64fa7bf5977c631288e1dad1fd5de7fab62f4545

SHA512
5b8382bfd559190b70723f1fc29d23a8d2de89061efce2fbe4a4ca96bed2930b48acfea50437df5353b4d22f28aa520de04b9775330d68f2d48b9560e2787b06

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2a12ab0e4891ca8740f9c81d88141492

SHA1
188afa64dc133d5cddb44daaa5ed822fdf3ba371

SHA256
4581a1d46a9334171ae3dd903d5769adf4948557830121accda46359da39e583

SHA512
f74e441f6a9132426015c0f0318c5f2d0b13ce01f5d8ec4744d72535102104c9b3271786811ced454626877ed7ebb20c5fc50c105f55e79811b03c466e633135

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
78c03a797e461ead8561ecd3c7634ee2

SHA1
ce23d7e5e25a5ab24b6e675cfe7e3127c9e8eeff

SHA256
3ec4c30f94504a1546eb65d8ac45f958dcfd262ba6656fbd36aa37a1314dbbfa

SHA512
3318eb571e14d7169a2a58bd21efe4e17a92eafe795b1ecf111bb0450d76ba93866226b4c1723f1fafeed683f9ec27f15da7e9790b8db91715b4c2b6a1d70af0

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
06dcf4141225e2af28d7c927698bf84e

SHA1
3c1519c4cdbc36bf2d491cd5a42a82cb599efec7

SHA256
33d4c8f447d83f6bd1dc2dcd755a1f59f5c5b23a1cf20d1c69d7cb7f28021038

SHA512
5e5507c0af80e32a6b1c04ad2f4734251493d7d4eccdc19d60ab1827712564530d84b1663283ae95f86ab5ef79fb6bc178ea9a63d618c03f02b880526f05d96a

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
0e25f2adba77a4fdfb1465bfbb15c5cf

SHA1
f58635190bff67bae611abc589ac48812980b774

SHA256
b1d5d116d5190da848d9130f675e9aebda2733410f1a8569222a04c9a25f389b

SHA512
b24009445dc886bc9c5d5be980b00dcdfd35512d720e2cf0e53ec984de656af0ab0c4c8557902e183866e7020a6ff4c63b8f95e63667b7cf92c46b4757a25aba

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
de2a3044ccaf926f61f41a7dd5160f14

SHA1
6972a7cfce28932e2b028f81c315f9c8e54852a3

SHA256
be8a007a4827576cb8e51d8822546c78efb093129d7304a47b6fc1180f04514e

SHA512
17580fc2af55b9042f3f2212749079e30948030327d0094e377de7382f278dc130be1526cc70cd795b2caaa8447aa8f32fe0dca61bf694914c5c0848121e3552

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
ec2a04daed4bf0ebf228aa5a9f11bd91

SHA1
6bbedaedfd6f975ae3961a14bef42246c87b6930

SHA256
df809e5edf8bee6d9bfd37ae2d958b50e23e1a0e9440c8a523d907c0870aa8dd

SHA512
ca7fa062a71b27b83c13f3e13a9bd2aa0d13e736a55ebcec024494b2dd608023fd8d7be2c0c0dcfac205325bf81fc99922bb5a95bc38f262955d35990ea58e18

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
8c54d021a20ad0ac057e75bcb36e7c57

SHA1
cef739612db7d915cad35e56cdfca6152cb02aef

SHA256
39e50476567d13020d01a83e47d71c921185ca6b90fb241e93c7221fa775828b

SHA512
d9f6c51b96b0c1623ac87d38130c2ad881ed2904e8e82e52984de16b38a99e19a1a62797e38704c4947502568d1149185c2703e61dca81c3e34f5ffd2d6fe660

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
dbd2465a54a01cfdedb4031e9e82d17e

SHA1
aca10a359e2348278db053adfe85cf1093d63d0b

SHA256
c2171a14d4deddba7c3c7544f99ef4a07a6c43e5c84397dfb3fbd0d65dda64ae

SHA512
1d60f44f653b4223dca3412c5450b6823c5ee25fadb0b029d675e57dd50a6ac79bf377145bbfb6a13f250118349de5989ac342221c1c8883fdc3766108a5b2ab

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
710B

MD5
2cade031f602458df15456248e0c2119

SHA1
e169b2807910931045314193ff37d30294e82c41

SHA256
4bc5906acd0c66edfe5bbff12b67a9d9716bdca38c7c2ad13f65e6ca353d055a

SHA512
0bb63137f89494a705f910138a066d970cedfccfc7f6d43f12ab8a4c87f4ebe8aa2251f2b5f6fb470cd707b6b645b0ee97ace3d3410d26e64dd39eef09ba1dba

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-662716BE02C40001116C16A5B1E82B55.temp

Filesize
439B

MD5
1b743c325789032c17203095340f1bec

SHA1
5adb0846f290bdd7f84fb0cf62dc61698e77056a

SHA256
325a78cbf29a391b51428861c18e83b56103ef8e8f4e75c669cb75dfc743f2ff

SHA512
f33700d8b4aed69392caa3110129924dd450d20c308d5182f29d7728a7587c1f622501bc4a0f5d0cb75897266e3c2abfbda4c141e54596da5fa74b2066ca1e8d

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-662716BE02C40001116C16A5B1E82B55.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/662716BE02C40001116C16A5B1E82B55/report

Filesize
732B

MD5
91a479d4fd376d4c160f568aa4867866

SHA1
d360858f22815f1460b317cae25e805bb0073371

SHA256
e2cd3af707e730cddb3bf8651fe94216cc02d024b67fc1b3fd79ed92ecf6976b

SHA512
79e0b50fa65e16d9a06d012002bff426f4d967cf172e11818fe84f7fbdec62d24c8c6e6cfbe10bc65e9b6e4978447be3606633740c3818df7407ca12f9433054

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation1019380239561470025tmp

Filesize
90B

MD5
a9ff3bb31c3826e22166cbd46a8515f3

SHA1
c457e2332daf996586a1eef37a7be46506c0ce26

SHA256
29ce9bf4c201fe58abb2a287c353e3bd57eef4f26df5a0afd3bf164b8d92c334

SHA512
9eb890a0f43c13403e44daccc47f55f966d6e2fd0f2b2694af411988ca2e0287932bd20bd769b82209cdc47354bdb062c2636ef97a075a67c0a0ab25c0a89440

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation2360303028461221481tmp

Filesize
564B

MD5
a8f0b0368748d0e998e1ccc6a9f421a3

SHA1
0f38d7dfe9b23501757402159f76a00cec0bf802

SHA256
45db98fa84dc5bd0d694705ce883a568c72c38114933fb2c4e6baed03dd9fddc

SHA512
a45a8e85c7ca0c65aaba7ab1379447d385a1993b7bb5b4daeafcd5e9806fa4af6fe5e76a0c43f1ce3352c21ae93aeb3d25a442927b52ea320692bba99b92074d

Download Submit
/data/data/app.EasyLogger/files/gaClientId

Filesize
36B

MD5
0ec26ad42c7517409396cf0d4aeb734e

SHA1
d2aec8283948cfe71f8d93eb4729880d04789c86

SHA256
d33cf0528facc6deb3137c6526f34b831c80b2c8e4d53363170ba78e7ee4c6ef

SHA512
3da4bca849278d378da94ab6d948e293510852f52bb67f3450c1d7a60c805c9e693c9f6f7b1261b1e0cdfa307cfed4ae3d8c1c5ff3ead217c145f7fa4c723cb0

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
e3811ebc3fc5f6abe47ebe630406d181

SHA1
a76e3dc14ada98cf58f1ffc00c74b0cac2f7dd7a

SHA256
b9857d6d0a73ddb568a6cfc2a83d8099609e64e36989b1c356d7634a2177dbb5

SHA512
c2249b0e76b9845427aac1e3e1c2fe4d2eff5bc9d5e495fcf699f690e8a0471331825121d155e7b7fc13dc3ad6ed86a86cc756e5a0c1ee0d54f8ce84e742e037

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
e7c54f4d61cbe6e86ba60824c60e1859

SHA1
f8c1650732e756b79e7a0ae2fc005289c58a0922

SHA256
093b2e2854bc443125bfc3744859c96027f412fc67f43ba16b418e98b61dcbb4

SHA512
1d2ff390237097609c18c57726e01df847e3d07bd8c064828053b153180bb0f881570499258da2931f47eeed108f6da7146533732c6acde97ed1ec11d2d5d7a0

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
e9b237b7ff7149d13ff6fca0996b4a83

SHA1
0dd123377247595a24250520e96b90da5e71035c

SHA256
0bd38eeb63bd5c9167e69cb1d827a407ab3ccdebe3989e9ba0dd18963c3b8695

SHA512
e5880d50bbc3f65d2c90bdb7f82afa98e7d5f58f7fff938e6d150ffb67204aa88f6dc6762c12f6bfd6fd05bb37e6161d47f9d40d17626685a58752645c4b957f

Download Submit