easylogger | 798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae

Analysis

max time kernel
47s
max time network
131s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
27/04/2024, 02:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Size

5.8MB
MD5

1398c9c6999be6f56f2364ec680f8557
SHA1

396c173b4c084afc3a2c89044ffa42a3f0e4dad4
SHA256

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
SHA512

49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
SSDEEP

98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A

Score

10^/10

easylogger banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

EasyLogger
EasyLogger is an Android stalkerware.
trojan infostealer spyware easylogger
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	app.EasyLogger

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	app.EasyLogger

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	app.EasyLogger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.EasyLogger

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.EasyLogger

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

app.EasyLogger
1⤵
- Checks memory information
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4475

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
82b2324016c25b837534497d838ca455

SHA1
298c60b5a3c002fbaa29e995a1a21603a47dca57

SHA256
7523cf7365d8e43be309035c05f69462938f33b6fe909c80a16d44a77424306d

SHA512
618ecd30e3c1301f1f3dd9a65c67f6a6836db39c43c791c91ac2f88aa33ab07b1511c7149b951bf6432315d6c381cfffea73b4627ef4ca57607422dd7349ed85

Download Submit
/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
68528faf450bcacad9e48d6c16760646

SHA1
5e3ae9f429a4b0658c24b822ce3f13e46bfa5bf3

SHA256
3fce0093e5f688770beda31684d000d47d9e7f15ed2d3119a43c1bde8bcbe4d0

SHA512
7d377ddc1bd10e1e95ec068f9e40f5c46d25f412d046e804689f41fafe62749070d2525b14bd7df042c799f4c4bf768fac065daf91e9d27c8fd8e76484575373

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db

Filesize
76KB

MD5
247a9a1ab8a9d50b768aea16f443ee52

SHA1
1b8ef45ad7df4db30e70051835585e526f7fe488

SHA256
6c414fa302b351eb7df14144c5c36a7ddd181615cb540f012ff67005837c9796

SHA512
6285e17579d1253b10f20e00f40aa8432e58a0e7b0b080c7ed52eafabae8f339f250897164409d1bc6512359557545998042fe41fca2e7b4ead85ab26918663f

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-journal

Filesize
512B

MD5
4f0667b3c0287f8e67a5dc682a883264

SHA1
74297f3a47a638761d3e4be88ca953db083bbe16

SHA256
e0433cad540c7018e16be281d9fcd4bd1379a9fa4758c6a95668a4480268cdf2

SHA512
c14f9cfb6619fd45eec393bbd9a5f88c4873ec3e0749b17e39559fcc6dccd3cdc679386f976ec3b8114224dfb7ac1fe7fbcc5708e9e4d4eac3edcd75439efb46

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-wal

Filesize
140KB

MD5
10c0bf63c990903007377a0d01428bd7

SHA1
c013065923678afe215083cc40e66b1f39c45bc5

SHA256
a7c49bd2deb955ca37fa178c98776288e807d49604610b5e94d7c97aa89ff8ef

SHA512
91a81856e82c8a23470c5365c9a5fca3da3b3763879d3bab5e597b8a6933acfc2d92f9be3a743adac3ba70a9df5e8febaf38558ac8139a84797c54b59dcb287d

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
589bc77b5bf4bd4adacedc4d5561d32e

SHA1
aa11358dc5fe434f4f33bb9ce5dc6478f13be4a2

SHA256
642d444362c51c193bf3009cae71a33d4e23309f1252293e86c704ee29a89c0b

SHA512
1cb136d8cb6f62b93cec58a505fc17387bb33ea510e7b967062b606bd442bf9a3c9b5982c9a57c4b4329a3d86a1c2b22714eedb94c18d063c1d5db571b6aea89

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
fe658483fc7ad22670eb78d177acd8b3

SHA1
91032795c6dd329c5d198059c15d6def11681540

SHA256
df73380cc8ffd56ccf1c0475f97df1fe77f35d2776869cb310cd0d09ed00a7e5

SHA512
e71597812d1a7903eb72b742613f270e0e2f79bb1ef8359f69929f158e9da4671cb8f855ce93fd27471977a7a84e66c5d1b4e2f3925bdd629173415bf28f3dcb

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
50bfd9211a090197676a1cf436e17cec

SHA1
99ff9bc7793b262c4db63f98d61a2a7bd1039fcb

SHA256
d8f9e443c64334b7b1a6b1ccf2e30fe4472b63933d250681e131ed5c72e87fd4

SHA512
0856918464a3d4ed2ed40eea6bf2c1419a95d9ae765521f0174f74f4d7e7ec6fb77e358291e8855a4618fb639e5c27a28a840734fc076aa0bc3b4e6d4e596af3

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-wal

Filesize
68KB

MD5
8229d87b161747244fd179fb0999883c

SHA1
5762f9a490ef84c842040b3a6d519898d048bdda

SHA256
79f33ede738d71ec320223a99966c90f08261f14a3f0d2646cee524562976b16

SHA512
fc32c201f7cc38562bf3546041205de39e595623ef179a1717fc92154e4320de5b5a19b720fe2faf50bffd788ba9feb069964490c8f0423be160bc4a5f17897e

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
c25f278e007d3e6d08888286f0305400

SHA1
2a85239d73e6dcf0be430577768a6932c88fa5ea

SHA256
ac55e5bc73564965c42861bd2effbe83057600e41e24525f153c1f5775f16adc

SHA512
dc65015babf254b7dd2eb227d5b123259e36f771e0185d2960c7e9ed1f824ea67df553ad7fd25939616898720e8ebe21d44147efbaf4e4d72ed1dfa716b5800b

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
906a1da159dcea91c6ac533e47da50e7

SHA1
d4490ec0acf34c687fcf0129832d8f578ef17850

SHA256
96bf77cfdda7910e561729d1fb5fcbc2364f916aae61a0c4dcac6827c5e5bc83

SHA512
f4b83ad5fda50c4c797f41b3ea30b042933b50a013ee7fb6893cf2fc010a1f8d5ffff64734b2c70e0ec8882a9b767a1a3eed72c0b2e67692167a51f31d7379c2

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5d6291f7bbf8bcc409614b44b9eab596

SHA1
833d29d01a0e33c383d20daecbd1a6679b7a90ec

SHA256
87754dc2d5a1bd53b61d1d55aecf582a9998e275dcb173e63cc3bff89db4bbf0

SHA512
ec57d2cc548fefa2760dfa79febcde77965fa8a1fa1f96f02469d5e0e9a20921d35f4639be91cd386046493cd2b5fff2f0bc6fb6be7a5d1c3e239b0d43627bfe

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b24c5ee84414cef18ce5c2262b58b251

SHA1
dbd6757b170ecf616f25402a298f8f25361cfa7a

SHA256
b6a7cb6a1a98ff9df5bf13f6adf7f7a73147907fca4211c742361fd9054b1a0d

SHA512
1e34117af8c1f59c6d4f8018cc02aee5e977407580c453c7517f9f4e0bcb5f242ae1001296ff0872e80a50e98ed5e90dbc56e5c27fa9a400768be8ca9cbbf077

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ade57a9892c105eb146676b760e41e1a

SHA1
4ae761adbe22de8b6979c1e3b6f9129ab8ff2c11

SHA256
273783621ede4e3a64953b0f7bf0d9fc8ea1d76a0d3d822f94f568a1d9a36eb6

SHA512
aeaf10d02cc568f8f5a09a713bbfd0ebe83d7fd2f66903bc8a64e75ff83d9e438fb937c2f76b5424e540b10f6260ca29477d8eb7370f35cb3ba74ddf7892d8fc

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
7f1b034ec70ca0721d95766ef5e93e73

SHA1
eae6c44a3a95eec1b916d86df9c39c8f822ee86d

SHA256
d68c5682edd9e30e4e36ce0187212569b556cddba31f8fb15ca1c0346c812561

SHA512
ab60154fac04c7f7a64670a3e610c9eb6fea1df49690f0b1deec7e192cf0b2e493bd167d62e8cbef4d2aed6e92faaff3756d6f540993718350e7509347c6e2fa

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
f3a9736afd25a2de4f83d6e8cf8d51ad

SHA1
25fea5298584dab4da85262b85c29c3840ae50fd

SHA256
756c71ca730d1584b2fff5474c67781e776404e0aec806dcabec22627f4db19e

SHA512
ea89635c7fe4e866d36be4c2d202aad5f1b4cf3e9b3d89c10fa64c2cf2149a770449aabcdf433b3ce95fd74883d4606bfbf1a01537f769a63bee7f77df51c4f1

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e35bacbc723a0dff9e48f5056ad92310

SHA1
86e8c18f5477227874c2262096dd821316d577eb

SHA256
d1ec2f5c596742c7b74fb974130f62c0e689d60d6ef606b96750d305f48223df

SHA512
77ed8d95bcf742bd9ecaecf1fbb5174e1c1f8987de04094c8147ba1b94bc911a27ad0b8aac16cd799410c5e010affee53582b211e7766e135b42654b9055273f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
39549d3cfd83bd4f581eda1dbc092ed5

SHA1
7bedd178a5e42df18bbcdec80389f09860508a02

SHA256
ab990dc9c185d855faaeac01588181c18b3f6fcfb761efde24f6fdb7729f8c0d

SHA512
11c01df6f75a4cd2bb2dc920513fb088077b6e3d651956492b03664698badd168a65b4455dad9a27c011fe5ca463eaaaa0925acca4735c22eed60cd78f93a683

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
1dfcee9f0853ce641f2d9eadecda79c5

SHA1
a0aed642e1dfa694103e08c1df31dee14fdee5e2

SHA256
180a81239f61ed5315f72ac55b4e30a2ddd905051d36f51a1ae8844f2c8c7595

SHA512
8758e4faafeb8db3c4671fc91e943c3691a78da54172a34c16d202959161e4710cbf7832345156b424b578c1df3552af09e9866a92779ca093fb17a20a942d38

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
67b2bfe8275b0e465786dc9feb667978

SHA1
bebb4914f0c479068215608c72e3b6a080e1dec6

SHA256
84f68c716fabc3d68a67c1e6f2ca659984d65836d1288bd809e6fb182c30c418

SHA512
5edbef6e6c4ea60afc08e1ee9224d1f075c1d02d9816b1ab5ef4e7b8ee0113114fa3707c931d03ab78101c382f20090e314e4f4036ab21aa25b4627a48567f8a

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
241c3ba341a302b68f904486156f7580

SHA1
b2f74db5a451f41d225926b06f0fc352358ef23b

SHA256
5c8460acd954e2c3cf4aaef407924335d76bca7732d3115c64f3bccb82e67625

SHA512
39ae5058200b444cedb642efdb6b9393d4f584566f15b63dabdae8adb281b8c56cb36d0384f00edfa3fc05ed2c6fdd9fc89063d7197d77718c2d60e5bf4fc9da

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
710B

MD5
5e13fe00bdaacee7ed41aaf296e4ebdd

SHA1
f4672246886d4d888485d70247ae087ca394491e

SHA256
0fea78991f6aabdd0ae782f0b4cf5044a057b0fa2e57efc60fddb986202a1b3e

SHA512
c5f1d06b5d545f833b7e5995a8fe02f16a6f4196875a99c9c68b7510dc4e093eb93e27f490f432afa73bd99e424730d11f04be73b4cb3382a6e9600a8a82d6dc

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-662C5D80004C0001117BA7F6CA4A1345.temp

Filesize
438B

MD5
12cc35ad22f291356ad24e9dc54ba1b9

SHA1
e59b571d205bc16e4440f2c93cf1cd6db708d45d

SHA256
17391c5bbc287ef2845c9e39cd6dbabc7f6a98f0012ee8be611eedf5bbcc5699

SHA512
92ee65d95e0264d16a21f5ef84ee666ab806a603d2b21049e165e78465558c241e4618bc7e15ec3fab145ea749697163d5c1b295036cab47173690fe7aad64cd

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-662C5D80004C0001117BA7F6CA4A1345.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/662C5D80004C0001117BA7F6CA4A1345/report

Filesize
732B

MD5
86a6d045f7bab8c336d057e0e919a530

SHA1
f78a3023c6662dc96b96abb158478efa7ffa343c

SHA256
08584e47bedf0bb357297369b371543b8c69dc8696bafe773fd07a5f0cce1538

SHA512
877b064d8a6c744766e8b4b165da65f5a8f0396308734345632e123bfc21a5645ee359c18c902898ea98e6670002161b41ad855ee452cb3980ed51d094424e5b

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation1447890212166145172tmp

Filesize
90B

MD5
b45a60e6ba7788adbdc96d9450469e16

SHA1
805f7867a827c37e606b1ac4a77859225484d6c3

SHA256
6f14a0ffd220547ffeb12dd7d483be46086dd45ecba3db5ce34634cd4206976c

SHA512
5672eb9c0d80c5bfee5aef4e80176cf1f368eb908dc5ebd9cea27e30a2c8157aaa9297fb534415a601bc1d4fe7caa016ac257a1a3cafee07bf036a7bdf3785f6

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation4088717148176165947tmp

Filesize
564B

MD5
c33b31acf2961803fad51f15a1b7031b

SHA1
589843d4aeaee7d9dd25891d54c60ee6d3a9d3ed

SHA256
d9cde4d332d6b25e0ed115e6d85c382cdac39b6b25e7a67b7a2cfad399b439bb

SHA512
ec47b1b626badfeb5ab33c32a0860eee9a92ac8ff0c4bac31357854d3e63d2483aa50a6d734108b39e8409ebd7b0a5a2a37cfe37fb4284e33cd74bc17713ab25

Download Submit
/data/data/app.EasyLogger/files/gaClientId

Filesize
36B

MD5
7aeed689e6d7b301a404060d82a7ca64

SHA1
d714e5211967421856a60c3a98183665060d98c9

SHA256
4d20e41eacc172fee3cb5400e2e7d6a8401370dee0c6906777a7086202493fee

SHA512
cc4bf995d2f655dd768083144c329d1fe286f046abf9bbc1d0a9e9def14dea4677d4013324aad97214909ca33972aad6ff6c782d3423619ab5fd438309730361

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
1b746b148d85c2bc9132b760e5d33d3c

SHA1
0705d5084f6782ef335a2021487f8f61360c2b71

SHA256
75943632057b8152fafc82fba73bb1eba0a57031bfc614e04d3473f0051001a1

SHA512
a9db64cb6b427f3b66df8b5e5508ced9bb863e219522afdf166230e815d635531d3c11939b295662eeead2fff177d49e3c8fa530b109fbc3a0e2cb8fe8916caa

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
070121f4ab900f5e36edc4b69ab2a3f9

SHA1
285a4a02b7262cbbe2dead91e52788f4ac408f01

SHA256
4b2a0210f6314b13244eefcf69302961e4c936dcbb0c6255a3ef59472e7c28c9

SHA512
c57b5acf670e0b796d76bb7275a84e12569b2ccff338d4db56ebd9aa0cfb93b12d3d8df90431e419b942a803bdb6d474529df220b9a88afe02b500b954e6a966

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
1b3e286cff7597b97221ccbf67a4a2a6

SHA1
954232c269429cefc419ca7a296ae26886776191

SHA256
eff1db4129799e54bd528d69ddb8789ce1ac70cfbae0c601f52612bcc46521d1

SHA512
6be8a62500ae9efe770e1e96050776b026b9b73135099e73abf251986790d78233af5eb575b625b8cd3584bd38b0987028f6210bedbaf3005609762915eb7ceb

Download Submit