easylogger | 798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae

Analysis

max time kernel
9s
max time network
159s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
26-04-2024 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Size

5.8MB
MD5

1398c9c6999be6f56f2364ec680f8557
SHA1

396c173b4c084afc3a2c89044ffa42a3f0e4dad4
SHA256

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
SHA512

49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
SSDEEP

98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A

Score

10^/10

easylogger banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

EasyLogger
EasyLogger is an Android stalkerware.
trojan infostealer spyware easylogger
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	app.EasyLogger

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	app.EasyLogger

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	app.EasyLogger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.EasyLogger

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.EasyLogger

Checks the presence of a debugger
evasion

app.EasyLogger
1⤵
- Checks memory information
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:5041

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
aa05d3929203ad0b0bdfcb9cd4a9ab78

SHA1
671409749f61b4683c652a1a0299749e09f1ebe2

SHA256
9aa58172da5e461cc949a03a000b9e95989ffa2704fc948c9cbcdb5fe2bd88c8

SHA512
cdeb899a428d33f45c14d08a50da0f316b7788da1723c7480b4ff6d15a02b27e35c714704d47d7de4bd21b983624436819bb7b0b456df52f2826f10e7b8ec9a1

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events

Filesize
40KB

MD5
15d5b92dcbda7ef7f9ca327a903e46e4

SHA1
ca153b66028a58d90346ff8abadbdf01b95c37b1

SHA256
e802fdc1ccd833b91d80bb1d8f54cab2b585393e6a07622c4d9feaab07633370

SHA512
2352f167ee5aa37cb3438a0a7df8f632771a1d019c5cd120fe62313fb73aed6d0e09186a9bf306a564371b846a8da020f6acd7aede0cc47ca50701611fa84aca

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
4276589b49285d387046f366f14666d7

SHA1
6cf30c74e537f4b780eb423af51cdb534132bd93

SHA256
62a35bc6e027676b64fc79b540412fe108bb2f10cab803d99567b11abaeb604f

SHA512
53e321263189bda766ca2251ccd5e2c46e55716f39b22b20bae715fd968a5e4173a9c12f6c61d13b9387ef15c1279bd241abfed3b1ce73ea9650901bc53d7f4c

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
9e41e8ea94c23fb8b7a5ac8418cc4c40

SHA1
4312260cc1a795b957ca2f8e6cece786c55e9025

SHA256
1ded29498fa60366f48175493de33273397fc2102bd792be96f49f6696afa55d

SHA512
26b37f4c8f3aaa495439e1d57a767c5f0663cd7a08df7193a79eef98130c0b5ed54ac99010e6516596d7e8538d0be0016e42ca0618335c8344a1bed2bec60c6d

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
87b42dc4804732543c18f508eebb2991

SHA1
f2321a3ea1bb8096fffb73bc7dab2c1009dee2c1

SHA256
6c4849b08dfc2d92f5d3be2626839bed7cb6ec9d4bdd05ac91af69dce4e2bc2c

SHA512
cc40bb62b65b70acb1677305bc272c233e3053b22e75755f0a6ea8abe684a0cd7bcd4555e5824c1efa817f23146580e7eccd36445c544de4032f074433abce53

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db

Filesize
28KB

MD5
b1b61db038efc6579065386aff9f62d3

SHA1
d86ce990920be4ccedbb802eb226025f17e8040b

SHA256
01ad892f28c47a430aa179b2d3f5e64ed9b75c1c74ce5d6656f7a67753a1f14a

SHA512
9463a4b2f99a28ef6e4b3b9837384290d460cdbe31a601d0a7114e3dd5076a5237c098a485e64062860840e90f2f6631b34b1a9ab4914d88a05e967aad1ed7a7

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
fc42d388ff4983ae730061fe810ee34e

SHA1
5e4c31c96650f837597ded0a5afae10aa0cc2970

SHA256
5905c7aa9f4ceeeec6a8c2cbd52eb0470e18aab1269fc75d68635ed6e9db9ec2

SHA512
7f0e35b107f6033246d0af8512b87879018839089ac46b1072643ad44858cbd18df1f8f8f9f68689783fe99d7157bdc6d8717ea9d3bbd9ee472d25b67e943012

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
8KB

MD5
1f856c4fa56ce9b2a48da0d529ed6e3f

SHA1
29886b4552a23bdd21bbfe85c3241def5b016124

SHA256
ceffffd4e40defc7fc60ac20c5552f06c95d92066b673351f7086a728d6fc34a

SHA512
0accab7ad03e19e910f6a662bdaae132ae2f803a83f8ce31dfe0fc42c475a73ae47dd20c29c849d155ebb93b21a563d45b341b7165ec7e54ecb322731fd4fb8b

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
4KB

MD5
b090814b1c861f760373f00ef675b6a1

SHA1
3efbd06f4f8cc2d48c5b62acbfa9b788e00f3259

SHA256
6a6f2b6beb03fda46f29a692bf75fd3dd1bdc3967e3eb0829bbc8cb3aa6cb0fd

SHA512
0090aa70bec400f3a1648386d10ecfd4447723338a5c63fbc1d9e8ab29194b529c00b7a4dd005587de910aeab405a00e0f97b7c774898caa9009190c5442b497

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
8KB

MD5
d5ee9d416aed866e154c5cfef1b8ec21

SHA1
9e74023adf67c8223868c7bcd1eecb88e1ece6c0

SHA256
ff77e18be0bed938d3f5d1428bc52d89b5d605ae4eeed6fe7099ed8a43aafd85

SHA512
ad349c34904305db5bd9db0bd8d4a72ee305de60a2c40073a4288bb82329d35a3a7da02002f69466c37f02ab322f6ef206c8e9169d0f24515616e1e3d0136aef

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
8KB

MD5
e53e9d1eafd1de1d1f75302b734bd8ee

SHA1
81c06d295d7deab6fd86fa88067a2be71f6bf9f4

SHA256
a5243a62b0cc0480f00e9abc9941c309b7abf5c0393169043649ff59cb08fabb

SHA512
37ec91b33427c4a479fe68b848ca41e5986ad5fc049c2dc4fd729e65d3a02ef8b381913b38b6148783401f4d58546442ab35eb8a423db63bf56931620bced000

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
12KB

MD5
0c7846fd9307f8a8669529b8ee860402

SHA1
4de408d9476026b840157e3fdee7d5ad6771bf2e

SHA256
a5f5c0eb735a2401cad2342fa2d601e1f2a9c656427e7200021d019223846043

SHA512
811a113e68773d6446421a2cc5ad82f4f222cd49a5944ec070a3e7bc5db6a3bf26cbd8423bfee24103ee0cb3161c1a3acdf5cf66287c542efd185094b7a98c34

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
8dbfcb50b8e785341ea0c81060c770b7

SHA1
608b166a6b7af90e0b8e1536fc455116e4971cd1

SHA256
e1cda6279fc26c4c825bb739eeba4145365315e49af302a4d2051172ad76605b

SHA512
2e0e22a0856d45afdb0b737f01c34c9b3f2b6d28f52112692e67ff2ab70b499a20f56f0fda96f4715c27a1ae2260d0c0187e73ffaf2b473e6fe5f83448e26546

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
39c652c1e074f194be897ade0ef53536

SHA1
921d84fcbc81affb8d300c4523958b51444ebecc

SHA256
97f161cdde167a8b9ca6adf052ced9ab253483ad9eef58e14b1ce7311627d6c7

SHA512
45a092741ce4d8b3f69c5b188434824d128f991a9f3b887f6b31b6ab9c0f5325abf8c3698fa0637ff15511417de3c119b0d474e94a52f9516db0a7df5fb6f6ca

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
d8c9e718fdca339d39a6942782bdcde8

SHA1
7ede4fef9ae5af30fec5af3aaef150d18c91e1d9

SHA256
9a62d629d1e781a3ce9430369e76abaa3d9c1ba2d717e3d0f2612d8d8921d264

SHA512
34a501e9b265440c0ab174357f0c8247bd6e1fed8ac357d0d2e8d594d73dfbd02a1e86090df1aa8d3ff8d9cd901c369837fee147a19e57ed543d4ac42a32e0e4

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
28bd42b95375d163198943d2f52de73d

SHA1
376943096f1b6b56895d30906f32364c865fd63e

SHA256
3a7ec0b1a247458b15afa771d206bbda74c3defe7e4f4c30a736deb1cc39f246

SHA512
f379cd587a61587222e9e1d03eb2ff7c135419c718580ca96959c95d32ec82f61bae4368a187ebaf787b356071226f070197726c8824349ac6632fcf9da546df

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
6e0cb9214520486fcc6e34400018d674

SHA1
8c0e822dc1aee60e39147ac33368b60453e07235

SHA256
7bdb41e9a48725f99247a3c74130e75100d286b0c257aad3111c4934598d6b58

SHA512
727b19e9c8a55a7cfccb673091227b7003d043db3ed45d796d30c38c51f363ec237bd8621368d36517de0f1d18b97ace28298ec3769704ea374bea7482a2c307

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
f1f00fdbd2411c9de044e6f194c9de07

SHA1
28dee2aba5b0604c9a317cc8a452cf92289a6f62

SHA256
d9a63a13d7088db8636f4fcef6f6cb31f9186074b9f50d0b7e67b5c08bcff83e

SHA512
b72d045cf0259c9fd23d4bf2e486184b6ab1d34cb3b2ec8180e54fdd6d9ffb802388c030b85f0391c6f11ae45ac2fb2f946073a3629f9da9e6e0ab8ecbba2c59

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
710B

MD5
332b1b50da2e0a38ec0501b1ef560846

SHA1
321bbcdbc5a776ad9902244247e545c505dff715

SHA256
6aa79e8506db42c6ba63bf730e2119366136a276efe8ff1d6f36b994495026e5

SHA512
e7bb5cf98b28f1c447b83c92fb743c7317860a7e0e75704e0d30b016e6cca3d21de7cb6c05a900487faebbc310ff786c4830af3cb0d4936cdd2961a16dcd9441

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/662B0D270285000113B129A117D1940F/report

Filesize
733B

MD5
148836be95d7f27e57970c179a6c21e9

SHA1
ca4f6974656dd8163be08f3978afc867dc83e3fc

SHA256
c4716d0dcd4f6f385218d4e7685ef2e97894b9b0fb26a67e63a4b56812f460be

SHA512
8fe2cf88683a5cb7f1e1ad2df843be35b9ca790e89dc916ab51f2423d6d29a56c0852f50346cac44c2cb8cfafada82aa620ac1b1993519de62c457ed6edc6a9e

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation5938285194181615094tmp

Filesize
563B

MD5
4fe939363e3e995ceb429ded3b24d7eb

SHA1
59badde259dc8ae971d826d795779fb720dcddca

SHA256
124d8b223951f9a54143b8433bb8dc98735daa7752f8a5b6fa87aea551f1d572

SHA512
43e12676f9132fd44f1dcf0b88131b1188cf425ca5f4ca604fa0d13ff8eab284b4d1cac2b161271a827beb1b9ee545e5510243754fcd80cae3fae2feed9ab160

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation7435779559267950868tmp

Filesize
90B

MD5
7822a7033d9fe42977f9103f4c5c5a0c

SHA1
7a5a46e14593be9d6dc1d10474013498f1dc325e

SHA256
10575cde81f09a618c4fd3f5e766679377bc9070469e2e41e9593c12e3a04a99

SHA512
275512819b31e235acbdfe696607dae30eacdaefeb775d6fe2a93fbc45f3875277cefa8090db77374d4f5b47b38eefe2c6fd2f7a878c3eeed44cb0861e8af644

Download Submit
/data/data/app.EasyLogger/files/gaClientId

Filesize
36B

MD5
1a6173c85208913e54005ac5d16575e6

SHA1
7fd763705bc2746a83e9cd24f0fb7358c6184382

SHA256
60c1a20a92486b5654335c0edcedddb24c7d382b2af85bdd7197e3df3eb43d5b

SHA512
408021bdb1fdfc62b511305e4409917b1aa05ffe4a481de5a5b67abefffa13778f76acde388d399d7253b95a9819a5a906e1a8d5965681e427a2111926d401c1

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
def826b3922b96d3812e98538da8a18b

SHA1
88f57233f22c9e3e8c2b18427296b20de1530d49

SHA256
0037ff460be391057a49e69a671385ffb795fcc3f4c83eeb2d4dc906afad59f6

SHA512
8c0baea880f6c2310e5d8aaebb2994d1ca7fbffb1537713f217699ed754ebb74efb18f33d19edda8fb5febd43d67a5bd644e7f872593db267c3d91ba20afce93

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
327496766a257649b5e015baa2a671a2

SHA1
caa359c9a01c519b83ba4d64517bce0858741173

SHA256
dd775768b793532727e8ba3f4dd2e81676db1a827ac73af52f20ef133f47d03c

SHA512
22860284bfc8f616f41c9a318cf543d8be753b826db62bb3ee055bfd081f984eaf65afa6fdaaabfec0d4f90d7f78cd92eecd55b570fcaba0f00b2a91c13c5463

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
efea39fb1d30459fa7671011ce676f98

SHA1
109b8352ce0acb4ed7cb6f390c7ede761a82a9eb

SHA256
add1eadd2c78c1cffa974beb78d475bdc1073dfb60298092ad2f766d0f3fb48b

SHA512
864dfa1d6fb3125d6918684d3799c7bf70cc6f76a992caf8565f528e715cd3429ae5a570b7c4145c53dc953839521f3e699ca2d67736cccd8f69f9509a3c61d2

Download Submit