easylogger | 798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae

Analysis

max time kernel
47s
max time network
139s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
26-04-2024 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Size

5.8MB
MD5

1398c9c6999be6f56f2364ec680f8557
SHA1

396c173b4c084afc3a2c89044ffa42a3f0e4dad4
SHA256

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
SHA512

49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
SSDEEP

98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A

Score

10^/10

easylogger banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

EasyLogger
EasyLogger is an Android stalkerware.
trojan infostealer spyware easylogger
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	app.EasyLogger

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	app.EasyLogger

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	app.EasyLogger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.EasyLogger

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.EasyLogger

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

app.EasyLogger
1⤵
- Checks memory information
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4193

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
9c7e7554cb079144e80f50b7d7c6b070

SHA1
4a3ce51a0627d368799e53e3204c88d9136b2c08

SHA256
914ba7a8cc6c5df4b18a30def33f63929c7687c1034f59c006fd645968741c5c

SHA512
17c74c01e536fc7f882da7c4a41086fe5a0628f48c2b8df2cdf072736977bcd6fa034a341fb31cfdd295db693b4c7dc7480b0ed39f6c1318a6d0b45a10d36dc3

Download Submit
/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
51674659df5e40c79ae65fc77fa55d87

SHA1
a6ca181914e8fc06ce167d54016b6d2db54c995d

SHA256
c0c69c8e0318a43b7edfff69c7d230a093c152e76373ddeddc0b1a2e92ca2763

SHA512
54371b7e4bbe8fc35c69392a1b8acd5b468df0d48b04387a8e616a74ca456e8232d174ff1427c440e0ae1983b8908dee5c49fa580fe5e3f19f9bf13301a0391b

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db

Filesize
76KB

MD5
247a9a1ab8a9d50b768aea16f443ee52

SHA1
1b8ef45ad7df4db30e70051835585e526f7fe488

SHA256
6c414fa302b351eb7df14144c5c36a7ddd181615cb540f012ff67005837c9796

SHA512
6285e17579d1253b10f20e00f40aa8432e58a0e7b0b080c7ed52eafabae8f339f250897164409d1bc6512359557545998042fe41fca2e7b4ead85ab26918663f

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-journal

Filesize
512B

MD5
f01cee8d2975efb5b30f77a0df35eb90

SHA1
d6ddd7db18be16186afc698ea6e6ee818bbc059f

SHA256
2be12d53657881c484d83dba0cc2e33234e0583b02f93b5ab9741dd78a520952

SHA512
31d3b466715d74e7a740b1f7f993eddbe5c49ab5c84f6bdd6781658b77021c60e7305414b93d8ac86d5f613307bcdbe33a1f36afba41a22d587aa1032b8187e0

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-wal

Filesize
140KB

MD5
519d22876d225edf6edf0a0d68b35242

SHA1
cabd0e013c4724cb13d2a961df2fd70e13ccc66b

SHA256
149f9b222044901af62d13388c064419f6510c21fdccc40d2609e67c12c658c5

SHA512
4a63d3d97f23714e001264d6e0b340888a605f3b8767f0f0c09668aa512c2c6209a5e160a49fa99f79c631319fe466075f7772010be7410c5bcb1a87968f0581

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
4b01f552cccd09d96ffdf46a014501af

SHA1
71aa245e4508a0d18e2329d662356a7c7a0d6f7e

SHA256
6c9b1b7ac52f6955256a4816026d625c2a2b36e91c4c30458997f556eed8e071

SHA512
cbf52696f73e3b4b1ffeb88616f5fb3514c45e91abb31fd8f530cfc4022ec4f2c30c124438f96dd5bd9158f12c81d8247726a976c92ef7d61f5f2860b2054349

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
19344e4cc40ed9b0c451b686b4fb3d03

SHA1
7e2c2ae498a0ece571166904305d1b0e7781a045

SHA256
5ee1a4d3b9c07f5438c1bab4d7790aa1b3530c1f9104612011f8270b9c166495

SHA512
9af4b4f615e3a6ffb546025062bf0328b28f5f5f4740950172525cf2abbaa65d27c5f9d4196584ff13c79f19171a33b0b4fc96e40e31abb89b8bc7ed16e54133

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
27e87cbfd1d8255b05c5784f8ac8f31c

SHA1
507cd4b6e12c18de7975aadfee065d8d2576e2cd

SHA256
7a3b2d4c7b9577b643fe019a586fe9bbc99bc474b207628203d1bce9162b944a

SHA512
a1feece9f2605f6f90155e90804fc2cceb3e0b5493df4151164f0903f852e8b7039be3d28c2f91d8dcc87e1bc5e317d6e09ae6096bf904aff0e970ef87703d98

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-wal

Filesize
68KB

MD5
4d3f0c90d213d2ab4f1c46b9b67a5b3c

SHA1
83e9b0b2e8dd34c47bc8ff5b8d0abb403e88d231

SHA256
55b903db368c7c7e5e17cfd3de2f6d799ab6fc4b8805c0988e624db30c9bd3f8

SHA512
0dfe998b21005339a8c95761d31bde2fcd0d6a6fd72a97dd2e332a579e8efa4fba449e679e0e62b62df0e72f18ed8eefb6438c7d1f6f1e1ef3a8c7b85da454f9

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
972b39bc91f20df8971b49e3edd4e50a

SHA1
cec7c834418e3cc11884504880b2d58a6d9c9b61

SHA256
e1be3f90356945d9ebe96e4a5ac2481f87f6854ec0ca35b8c2e46e229e2c22b4

SHA512
e165c1acfbd0cc28cf5a0027dc4b02e9e543e649bd7c5cfe8ac9e2d6e67c458a5c8f17de17dda928e93af00a598c03c3c6d3b32c69bd1618f21fb251fc18f8d0

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3c7ad27e6ac1fb446d3256f1ca2ef421

SHA1
cbeb05a84a75138a3b5c895eb600c6d0373467df

SHA256
8798a66e45b90683e2111c6c4ec6ee861cce4d027c2b65fad0c66f6f3bbdfcc3

SHA512
576b9f5f0ab5e63b9b34f79ff509236b0f1b3ad4205b9c9759ca1c134562a744f49037b6c083047c59531f3b1574371cdb106a5aa0713c0f6789affab657c715

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
87afc55cb6fa0843999512c96d0b54f1

SHA1
721119bb4c395f2035dfea3ef4cd402544aac3c7

SHA256
6d15615128af36c35447afe880ceb6d9d4394aac0e3ce15414b2ac2a5ecad874

SHA512
af42f9883f05a144bc787d29cce84e9bdebcb307f2b7bb392c9bdf4b9efcd5e68677562f0804b6c7dd1c9c04a58c910644af379289282c17a5b38e5c32ea459f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
4dbc3fd7566f0b29480cc46032a52340

SHA1
75b3b2819344d96ba78e252b75240d29f33f3d55

SHA256
be12c515422e5278df3b6048484be1d80b23213639499357a921c512437fbbd4

SHA512
b9529518777f439bc83fadc3304e342aea8f884bf91ae487f467b8e85aa027b6f0d7eb4adce7120a1ea65961adda103857cd8d497ffea0c90413689c21ea8a7b

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
87cb9139596742358c3c3c255a7eb83d

SHA1
4c828cd7ecb820c49388be23f7044752b2a799a5

SHA256
3efa205c621cf97960f5c1b691931bf0b983ceeebbf1833b6fa0f9b1391a1593

SHA512
7edce5c507f0c3efad1c9fbc7da751a2b11de32fb23e52f21d18cea525e1172ffcdf71198884a0a5c88d84e3268d8125815fe88f78743d9a2b2fb4982a841b2a

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
9258975ccb33a0bd9e56924c1bceaa73

SHA1
6250160e1054fecd8b427ec9feecfb789af86b17

SHA256
04b554c9f61d987dbfb05736bc0803af597b158e1ab0f22398400a28f91b0fd2

SHA512
2010ca829b0f2679ce3e8d5d0d53187727be6d119897b74418cebd59a11ad1c0233f58bf288f80c12c588b3cdc92e46e04f38abcea6a20b66835c75019ac3680

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
84eff95a2ac521ee480d519d285e5dd3

SHA1
c61c510ba3d010d26776d0031b912602c0574c4c

SHA256
e7aa2a88913f636942bbfc8e19799726b821d8033a660d912487c4bd811a904e

SHA512
74906d9383056fe80f18e635e6463ec6e402734f131004f87792c1e58ab2e8f2523a9e3e9c426b9830bb03c58ebdb57a445ebdae48869587a64708c9fa72d1e2

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
f795a1ff664e42445233fadf7df7cb40

SHA1
9dbaab6c42da89d7087c4747ce62b0d2756cf080

SHA256
46bcc12fde34c377227ea158becde424a9f9d7905b9ed90a2411c859767ccd83

SHA512
a5d4f750a979fd9f8c1b0ba3cc0c1efc5ce09322badf8a09b166f4341bfc0da34b8a5a2bd59a5e7be5bc24d567f6216ee8297937fc066d306ac436ad64c85999

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
97b4b1793d9c4747712a3bd5df073900

SHA1
b3e2f87ac5b22818cb144e1cbe47fa49a1046efd

SHA256
dc69c73b3d44d69aa575df6d8e8f2120b520b43170785bb5d742fae62be62519

SHA512
ca51428bd4fe08ad144482526cdb48e120ecccb8d31d2923100932136e23840bdba692cdd1f5ba6ac5f83c7e8cbc17f2817056490b2bd56815d82fa078b4c0ec

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
00fba5cfcb0804959ce1ceba318910f7

SHA1
d777bb3c98c47f0bf847d5e109f2cf6edc273325

SHA256
3f553093f607fcb04d7ac7935a24843d445662f8412106bd03d02a4ea95d98c0

SHA512
a209c5ec62c0611f0196a692c9ad2f9cf5a0b266871501369ee33ce23b4d3dabf1e69569d09c709c196a3862d5e3618311bad38a3e990a13233c90db4068c380

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
17a7ac5c57f9bae4f72f6b4b41cc716b

SHA1
95c8e86e8604a7e8e8c88625dfff46e51bd67774

SHA256
da9cf6243e3485e168170059962cd415739268b2038af900b90afe4f100f8a17

SHA512
755a7a30ffdecf72f043e0792400ce00a612c77b08cc4cd447c9219cba87e235ff7727fc316d4aaf0961495dd55d6428e0abafea78b7c03d18a6e1da67165503

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
905cb1cc45e23a72399cf7b8a8a28bb0

SHA1
c6f17230b7d6e10ce14b92f1f9de8192635ece44

SHA256
48480b981c1243e0b1d5c8d167fc704eb28bb359eb409d5d15f4186333c719dc

SHA512
9477fc13205676a512e94cbd6b68a81e43cf037444ae2d335c56e8323d3b1eaadc9a98d9b1e7bcd461f462d2159672b883f615ec925107e04283c128f6713ae2

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
710B

MD5
8a99ba0a71b869c4b050e1440162ae6e

SHA1
42397c41a67b78518fe5e1385bb8e5c98db2270d

SHA256
658644a711f732e83a97f45882e92ccc24a6c07f1f347d0c8b9ce48d34293533

SHA512
fb5951514b076fec844655df0df568706970153c73dfedd7121c4e40388eac7385494e205a6f61f3eb0b63afbf0f958bbff3e57489f3be418ec83872833b1467

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-662B0D2901A500011061AC8969822EBC.temp

Filesize
438B

MD5
5aa754953edd7eb51ec64b0fac3e9bd3

SHA1
af3b0f48027fa84abf171295ebf14dea2f4f5a14

SHA256
a25ce879eb446d1e058a103f73e60fe59f544b9f29166ca133c0be8321d7363b

SHA512
aecca300548e8cf0266577390226101165b702365b49edf2f9c605bff692245a0197cb6692c2cb7684e24a6d42a0617ab281937dbf556f84e760411b9ad81bba

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-662B0D2901A500011061AC8969822EBC.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/662B0D2901A500011061AC8969822EBC/report

Filesize
732B

MD5
09a651c2424429aea03727f0a564d1bd

SHA1
e8377e48a3d5c85c3897d349458e2829a43d2b03

SHA256
0b474a33879ff4134551975e71ba5054d738c05ca25e14b742f96f0f5e04f66e

SHA512
18abb83d113a04b4a10d22830ded7576d9d06a4393188a63c7649f27b59c14e17e12fe97db79243f065bc8f163a370a40858befe06b33322ad1e637da68e87d5

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation1823651912314499083tmp

Filesize
564B

MD5
8376d6314e3073454bab8809439cc015

SHA1
34038e6720c796dfec4b998a3362ea86c8324d96

SHA256
5b1fcdd376c95fecc249c609aa7f8d59b89709aa6d714b31857185c1436c615c

SHA512
8da490c73e6d4f291735f25babcab558f5dea59ef6d9b0a7532d65447564c4615c730afdafc60647ad1be7fac4acd68efb7874283ddc63672d2d4fa711fb3fab

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation2658514296561504408tmp

Filesize
90B

MD5
1fdc7af5ce66de5c7e30903526d0c49a

SHA1
5ba16f399fcbfb90ea6c480b5555ee28724247a9

SHA256
8f5ef4149e9e4f4cffa0bdc86cdaa11e53decf6e0bbf59cb7d55464dbbcdf80e

SHA512
2ae65853b2e310100eb237a06364b8a470acd76e3689434dce6d3922c09a26db8add1b927db03980fb0f9e1490b756ff138f2c173e32d48e8e917ce6bad53434

Download Submit
/data/data/app.EasyLogger/files/gaClientId

Filesize
36B

MD5
aaf57e5d673c247c5303846d0c504dac

SHA1
44cc002a058cadb78ee1c78b653bdfb0c15c750b

SHA256
ba0c603b5da68caba3784e8a9e081fbd0b757cf0016790dc31c40c3432b14712

SHA512
3a2193481ade8a23205cade8b7346e42dd4498698f0d7c80118278dfded68568f79e881a06e5370e4ee31373dda40671665b6658b5f90ccbc81af28b99716bbb

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
e06899efc920e060933351423c137a66

SHA1
e75f569d492d3d78b72c2b376dc8c27704ae1d6d

SHA256
623213d42c29d2814394625f0749faea5fa4df3c34490a1ae44fe61775fa5190

SHA512
38870245c4b052b36880a1792ab0cf84001d332c7bfa6174151315e98d26723b651e51d06b98988f17b4533e7fd366e11f72354f00439b0ef43cc91f5aedee7b

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
bcdca65f903a65aea877bc7015bb1bb5

SHA1
884ff540f2463e0ed700ea84e8220c4e1bdf8438

SHA256
3236f5e1047e6e23c7defce6c8fa2ab82abbcab7cc1bdb65a870514ad7424dad

SHA512
5094a093606c483a290e682074b279e2c7a8b7e7d03e28e283cb30bd07875a1e229af9096dbc32d0b9dd51133b9ee5fcfbb9ee1d78fc3acb295a4d5878cc72e5

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
b537e1416c3706122655df92e61d92cb

SHA1
ec8d01b2cb20ec57e2c3da281efed4eb6bf66adc

SHA256
43c6860ccdd98af8188a5de7d7190ff5d570212037b608de19d7ce5842e010b9

SHA512
1db47741dbb44a67c9040786b33e3dcd0b6c9f01e69db652918a9aab940f4b2ff468460f8282c732dd3d8d7d6e93861d56c55d1b8eb55a0e0b69de42e4732be2

Download Submit