easylogger | 798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae

Analysis

max time kernel
47s
max time network
138s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
23-04-2024 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Size

5.8MB
MD5

1398c9c6999be6f56f2364ec680f8557
SHA1

396c173b4c084afc3a2c89044ffa42a3f0e4dad4
SHA256

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
SHA512

49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
SSDEEP

98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A

Score

10^/10

easylogger banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

EasyLogger
EasyLogger is an Android stalkerware.
trojan infostealer spyware easylogger
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

app.EasyLogger

description ioc process

File opened for read /proc/meminfo app.EasyLogger
Reads the content of the SMS messages. 1 TTPs 1 IoCs
collection

T1636.004

Processes:

app.EasyLogger

description ioc process

URI accessed for read content://sms/ app.EasyLogger
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

app.EasyLogger

description ioc process

Framework service call android.app.IActivityManager.registerReceiver app.EasyLogger
Acquires the wake lock 1 IoCs

Processes:

app.EasyLogger

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock app.EasyLogger
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

app.EasyLogger

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo app.EasyLogger
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Checks the presence of a debugger
evasion

description	ioc	process
File opened for read	/proc/meminfo	app.EasyLogger

description	ioc	process
URI accessed for read	content://sms/	app.EasyLogger

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	app.EasyLogger

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.EasyLogger

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.EasyLogger

app.EasyLogger
1⤵
- Checks memory information
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492
Filesize
1KB

MD5
12b2516c5dc2d292d7c1c635c84c9241

SHA1
caf8ba25d3f8266f198c783a0462ac6ad9f305a8

SHA256
d4efae41412fb341e14cc65f8e5378e6cd1bd215e8de7294a4a783f197d27adc

SHA512
4b0223e08ca7926de203991cd1f2c5507a7f22ab972075d03e95eb156aacb047904a445ea417112a1c52979c29c801d3326e6c4a01f20d8150aa6bbf17c893a9

Download Submit
/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492
Filesize
1KB

MD5
292831f42c6ea94b9b6bec4e49c9de93

SHA1
2e59ab9dd0abb6ab820697e0185af7e4e7aface6

SHA256
57aec33e7e6b73909c14cc029c003864946f2e5320d9a83ecd2bcba706131a77

SHA512
9914877e2aac93025718edaa1f74dfb3bad68343c5cf8632585d57bcde8f435be5ec9fa733315c2e1624760dc21d1fe39422cd97a3c7885b328654d880ac7113

Download Submit
/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492
Filesize
1KB

MD5
dfb53912b6b03ac92209da9190520865

SHA1
6884a161b522118484f654b7d8e40fd95a9201c4

SHA256
4e994ddd0e231a5737863371575cd1f5bcf795bd1a4937c3fd5be8419ecba8ce

SHA512
5c13995d493471063f0b86548ce86104fa9e749420467651711882ab14bc3b54d4d854f9bcd4dbdd875ac97c7900d9a2c3a7f6def721a0de22baec581ed7bda9

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db
Filesize
76KB

MD5
247a9a1ab8a9d50b768aea16f443ee52

SHA1
1b8ef45ad7df4db30e70051835585e526f7fe488

SHA256
6c414fa302b351eb7df14144c5c36a7ddd181615cb540f012ff67005837c9796

SHA512
6285e17579d1253b10f20e00f40aa8432e58a0e7b0b080c7ed52eafabae8f339f250897164409d1bc6512359557545998042fe41fca2e7b4ead85ab26918663f

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-journal
Filesize
512B

MD5
667c79049698eb2879bb3e8180fc427e

SHA1
4f6c5bed9fd35b3db69e548729dd92223e0d72f5

SHA256
2fef4693be333967e6889078cb2c380680c4850d90428353879aa70df7a75c6b

SHA512
f127b220b5c96e5aa2adb390ab82266fe097312723d131c23fa747bcf21d243a3310a71d386d9dc321deacd5fe843b457e33ef82af650dc53dc433d19eb69d57

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-wal
Filesize
140KB

MD5
fbe3ab4c670f3a4b14cae9dcecf0b71f

SHA1
94f136dc4deb9ef37402dba2861889b419b21569

SHA256
1e5b8b852f458ad50ead484e8ef3be542c9f2d7285d8b681243570674840a276

SHA512
ebb378d6fa95a645ab6f9cc986719bdc28f0e7ae10e8beb8e0e8f7ffeb1e546d6d63f9c2d8328a4cb101680899138a28240249bf2ad766d0d498bf8d8077fb4d

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
01f7f39ff68fb2f7a8dd61c47f2ee8ec

SHA1
63f65554407e5d98564b2a5798244949b0bf5770

SHA256
b0f3dfef19b1477a427f2c5260a336ed704be87ae7b51b0715d87676084a7ed0

SHA512
5016b6c95c885c1b8257136dda7c6cb946cd5bde24dfc9d76347c03fa2bc3e81f1ffe505c3d86415b352885462215480229bbb1d3add676568144537b43f8a5a

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-wal
Filesize
52KB

MD5
dd4f955264b1d429104afea5dcd74892

SHA1
1b06cdbc9eeb0cec9c1e339e4243c76b791cd283

SHA256
e8a0b1dd83e0fd4c2832cb96ce29e87de6cbdaffef0885f5bed63c11b74fa4db

SHA512
daa84ae5044dcaa173c9ba5b9ae122aa929c9a1f651386f78766bd589cbabcd01584d50da057c7783cd2d411f21d472cffdde293f1a7eb4d3e8a6c6cf2354245

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal
Filesize
512B

MD5
0786a865eac88313a6bd8c6522c52645

SHA1
6ba140b7f7717178a18a7f4e0259caebc68d5cbb

SHA256
4d4d4c5bad2ee909350b8698c93a64e598dd8018412ce646da78d0fe0a0c8208

SHA512
5dc715808b0ee54cdfafa8985b500a36c1df3834507a1fc2d4cb45abe8bd9bf09d033d5531cfb32f685ffc707176264f1a571c01fe3e7d9519fcf5f764512070

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-wal
Filesize
68KB

MD5
8e28086496b5864c676345515979ac63

SHA1
483b716da419a2e9bd44b218a21402fe25781b11

SHA256
54e71f07dd2e7577ad01748d781f1016c5e02b015a680952a4fd193d705b83ab

SHA512
14024549978f28466aafae3d40ae94451c9144f8f66656d818a402f6b636794a8f419db679bcddb84e50b57aa52b3b46ca4d71da14d3ea94e575ee014a3dc9d1

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db
Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db
Filesize
16KB

MD5
f8b0fc876b2b58e3295387e4d10efd1e

SHA1
31e4ff1d07647a8927d666741ecb17a05aaaf9b1

SHA256
78dca6e03242ac2baae2cec4cff70988d357ae9a029c6c6060191a52a04ddd9f

SHA512
9c16921f17a504c3a165d055026fd898193f8fee9313c7e5bef87680579208df393ea7e0c338e87dc066a39ebb0164bbcd2ff9a12d81d061e6f2d7b7746ff376

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db
Filesize
16KB

MD5
449a61316ba3e177329670eaa4ed094a

SHA1
3f38c4a444ad3071ae501fc646ce91bff35d6cc9

SHA256
f08242571d539bd61aa83a321a65a8e1305e4c4dc9ca9b2da07dbcd1031cd54a

SHA512
b884e3695cad6f99d1e29775df6d49f6334c0bb000626d93aa79506c1384343ca7cf61747e6c6479676a880cc44275fdeadb98ca75c65d3788f10dca694f289c

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db
Filesize
16KB

MD5
1c919dabfb37192dbd7595af0d3b5c1b

SHA1
981e8e4d1bf1c031787990cd43b26d08a727cc1f

SHA256
a2524961270a2d7190ac7c746a08492126c662ba77af158da1e24555cc5651f4

SHA512
a05c27be089a1242d63de162958bde3ec5157608f5be15e39c064d417b60fa527d0322a3255d848c61f2a5130ed3b44ea5a5e2b865d6ee1789cc9a5d5c1ceed9

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db
Filesize
16KB

MD5
4cc4d87b77f7749492a4d950819b2aa8

SHA1
de57db549875ea1b3bdfe6ac86b2ae404f68a798

SHA256
c0ed0bd295b9d5bc4974891a64fa7bf5977c631288e1dad1fd5de7fab62f4545

SHA512
5b8382bfd559190b70723f1fc29d23a8d2de89061efce2fbe4a4ca96bed2930b48acfea50437df5353b4d22f28aa520de04b9775330d68f2d48b9560e2787b06

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db
Filesize
16KB

MD5
2a12ab0e4891ca8740f9c81d88141492

SHA1
188afa64dc133d5cddb44daaa5ed822fdf3ba371

SHA256
4581a1d46a9334171ae3dd903d5769adf4948557830121accda46359da39e583

SHA512
f74e441f6a9132426015c0f0318c5f2d0b13ce01f5d8ec4744d72535102104c9b3271786811ced454626877ed7ebb20c5fc50c105f55e79811b03c466e633135

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
78c03a797e461ead8561ecd3c7634ee2

SHA1
ce23d7e5e25a5ab24b6e675cfe7e3127c9e8eeff

SHA256
3ec4c30f94504a1546eb65d8ac45f958dcfd262ba6656fbd36aa37a1314dbbfa

SHA512
3318eb571e14d7169a2a58bd21efe4e17a92eafe795b1ecf111bb0450d76ba93866226b4c1723f1fafeed683f9ec27f15da7e9790b8db91715b4c2b6a1d70af0

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal
Filesize
36KB

MD5
06dcf4141225e2af28d7c927698bf84e

SHA1
3c1519c4cdbc36bf2d491cd5a42a82cb599efec7

SHA256
33d4c8f447d83f6bd1dc2dcd755a1f59f5c5b23a1cf20d1c69d7cb7f28021038

SHA512
5e5507c0af80e32a6b1c04ad2f4734251493d7d4eccdc19d60ab1827712564530d84b1663283ae95f86ab5ef79fb6bc178ea9a63d618c03f02b880526f05d96a

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
0e25f2adba77a4fdfb1465bfbb15c5cf

SHA1
f58635190bff67bae611abc589ac48812980b774

SHA256
b1d5d116d5190da848d9130f675e9aebda2733410f1a8569222a04c9a25f389b

SHA512
b24009445dc886bc9c5d5be980b00dcdfd35512d720e2cf0e53ec984de656af0ab0c4c8557902e183866e7020a6ff4c63b8f95e63667b7cf92c46b4757a25aba

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
de2a3044ccaf926f61f41a7dd5160f14

SHA1
6972a7cfce28932e2b028f81c315f9c8e54852a3

SHA256
be8a007a4827576cb8e51d8822546c78efb093129d7304a47b6fc1180f04514e

SHA512
17580fc2af55b9042f3f2212749079e30948030327d0094e377de7382f278dc130be1526cc70cd795b2caaa8447aa8f32fe0dca61bf694914c5c0848121e3552

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
ec2a04daed4bf0ebf228aa5a9f11bd91

SHA1
6bbedaedfd6f975ae3961a14bef42246c87b6930

SHA256
df809e5edf8bee6d9bfd37ae2d958b50e23e1a0e9440c8a523d907c0870aa8dd

SHA512
ca7fa062a71b27b83c13f3e13a9bd2aa0d13e736a55ebcec024494b2dd608023fd8d7be2c0c0dcfac205325bf81fc99922bb5a95bc38f262955d35990ea58e18

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
8c54d021a20ad0ac057e75bcb36e7c57

SHA1
cef739612db7d915cad35e56cdfca6152cb02aef

SHA256
39e50476567d13020d01a83e47d71c921185ca6b90fb241e93c7221fa775828b

SHA512
d9f6c51b96b0c1623ac87d38130c2ad881ed2904e8e82e52984de16b38a99e19a1a62797e38704c4947502568d1149185c2703e61dca81c3e34f5ffd2d6fe660

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
dbd2465a54a01cfdedb4031e9e82d17e

SHA1
aca10a359e2348278db053adfe85cf1093d63d0b

SHA256
c2171a14d4deddba7c3c7544f99ef4a07a6c43e5c84397dfb3fbd0d65dda64ae

SHA512
1d60f44f653b4223dca3412c5450b6823c5ee25fadb0b029d675e57dd50a6ac79bf377145bbfb6a13f250118349de5989ac342221c1c8883fdc3766108a5b2ab

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json
Filesize
710B

MD5
2cade031f602458df15456248e0c2119

SHA1
e169b2807910931045314193ff37d30294e82c41

SHA256
4bc5906acd0c66edfe5bbff12b67a9d9716bdca38c7c2ad13f65e6ca353d055a

SHA512
0bb63137f89494a705f910138a066d970cedfccfc7f6d43f12ab8a4c87f4ebe8aa2251f2b5f6fb470cd707b6b645b0ee97ace3d3410d26e64dd39eef09ba1dba

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-662716BE02C40001116C16A5B1E82B55.temp
Filesize
439B

MD5
1b743c325789032c17203095340f1bec

SHA1
5adb0846f290bdd7f84fb0cf62dc61698e77056a

SHA256
325a78cbf29a391b51428861c18e83b56103ef8e8f4e75c669cb75dfc743f2ff

SHA512
f33700d8b4aed69392caa3110129924dd450d20c308d5182f29d7728a7587c1f622501bc4a0f5d0cb75897266e3c2abfbda4c141e54596da5fa74b2066ca1e8d

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-662716BE02C40001116C16A5B1E82B55.temp.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/662716BE02C40001116C16A5B1E82B55/report
Filesize
732B

MD5
91a479d4fd376d4c160f568aa4867866

SHA1
d360858f22815f1460b317cae25e805bb0073371

SHA256
e2cd3af707e730cddb3bf8651fe94216cc02d024b67fc1b3fd79ed92ecf6976b

SHA512
79e0b50fa65e16d9a06d012002bff426f4d967cf172e11818fe84f7fbdec62d24c8c6e6cfbe10bc65e9b6e4978447be3606633740c3818df7407ca12f9433054

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation1019380239561470025tmp
Filesize
90B

MD5
a9ff3bb31c3826e22166cbd46a8515f3

SHA1
c457e2332daf996586a1eef37a7be46506c0ce26

SHA256
29ce9bf4c201fe58abb2a287c353e3bd57eef4f26df5a0afd3bf164b8d92c334

SHA512
9eb890a0f43c13403e44daccc47f55f966d6e2fd0f2b2694af411988ca2e0287932bd20bd769b82209cdc47354bdb062c2636ef97a075a67c0a0ab25c0a89440

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation2360303028461221481tmp
Filesize
564B

MD5
a8f0b0368748d0e998e1ccc6a9f421a3

SHA1
0f38d7dfe9b23501757402159f76a00cec0bf802

SHA256
45db98fa84dc5bd0d694705ce883a568c72c38114933fb2c4e6baed03dd9fddc

SHA512
a45a8e85c7ca0c65aaba7ab1379447d385a1993b7bb5b4daeafcd5e9806fa4af6fe5e76a0c43f1ce3352c21ae93aeb3d25a442927b52ea320692bba99b92074d

Download Submit
/data/data/app.EasyLogger/files/gaClientId
Filesize
36B

MD5
0ec26ad42c7517409396cf0d4aeb734e

SHA1
d2aec8283948cfe71f8d93eb4729880d04789c86

SHA256
d33cf0528facc6deb3137c6526f34b831c80b2c8e4d53363170ba78e7ee4c6ef

SHA512
3da4bca849278d378da94ab6d948e293510852f52bb67f3450c1d7a60c805c9e693c9f6f7b1261b1e0cdfa307cfed4ae3d8c1c5ff3ead217c145f7fa4c723cb0

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-journal
Filesize
512B

MD5
e3811ebc3fc5f6abe47ebe630406d181

SHA1
a76e3dc14ada98cf58f1ffc00c74b0cac2f7dd7a

SHA256
b9857d6d0a73ddb568a6cfc2a83d8099609e64e36989b1c356d7634a2177dbb5

SHA512
c2249b0e76b9845427aac1e3e1c2fe4d2eff5bc9d5e495fcf699f690e8a0471331825121d155e7b7fc13dc3ad6ed86a86cc756e5a0c1ee0d54f8ce84e742e037

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal
Filesize
16KB

MD5
e7c54f4d61cbe6e86ba60824c60e1859

SHA1
f8c1650732e756b79e7a0ae2fc005289c58a0922

SHA256
093b2e2854bc443125bfc3744859c96027f412fc67f43ba16b418e98b61dcbb4

SHA512
1d2ff390237097609c18c57726e01df847e3d07bd8c064828053b153180bb0f881570499258da2931f47eeed108f6da7146533732c6acde97ed1ec11d2d5d7a0

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal
Filesize
108KB

MD5
e9b237b7ff7149d13ff6fca0996b4a83

SHA1
0dd123377247595a24250520e96b90da5e71035c

SHA256
0bd38eeb63bd5c9167e69cb1d827a407ab3ccdebe3989e9ba0dd18963c3b8695

SHA512
e5880d50bbc3f65d2c90bdb7f82afa98e7d5f58f7fff938e6d150ffb67204aa88f6dc6762c12f6bfd6fd05bb37e6161d47f9d40d17626685a58752645c4b957f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads