easylogger | 798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae

Analysis

max time kernel
47s
max time network
138s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
28-04-2024 02:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Size

5.8MB
MD5

1398c9c6999be6f56f2364ec680f8557
SHA1

396c173b4c084afc3a2c89044ffa42a3f0e4dad4
SHA256

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
SHA512

49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
SSDEEP

98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A

Score

10^/10

easylogger banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

EasyLogger
EasyLogger is an Android stalkerware.
trojan infostealer spyware easylogger
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

System Checks
T1633.001

System Information Discovery
T1426

Processes:

app.EasyLogger

description ioc process

File opened for read /proc/meminfo app.EasyLogger
Reads the content of the SMS messages. 1 TTPs 1 IoCs
collection

SMS Messages
T1636.004

Processes:

app.EasyLogger

description ioc process

URI accessed for read content://sms/ app.EasyLogger
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

Broadcast Receivers
T1624.001

Processes:

app.EasyLogger

description ioc process

Framework service call android.app.IActivityManager.registerReceiver app.EasyLogger
Acquires the wake lock 1 IoCs

Processes:

app.EasyLogger

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock app.EasyLogger
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

app.EasyLogger

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo app.EasyLogger
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

description	ioc	process
File opened for read	/proc/meminfo	app.EasyLogger

description	ioc	process
URI accessed for read	content://sms/	app.EasyLogger

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	app.EasyLogger

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.EasyLogger

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.EasyLogger

app.EasyLogger
1⤵
- Checks memory information
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4288

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492
Filesize
1KB

MD5
d850111759630d55b978515463a5c5bb

SHA1
e863771c734a686319f9d62e6eb3cc54892c7d1f

SHA256
1aab4f51b752a941a270888ade39a8192cdc0aed965dccb657e871b16d842b61

SHA512
57b6314c61a5f8907ee62eb79d8327772478b01d519fa60847d4d79c402e0e11d4c9421eab4f8e48db5267bb45ef4894596038c5f9dacb693be324649c0f4f20

Download Submit
/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492
Filesize
1KB

MD5
7abbb38ce75881b9a2be0a88be68bbdb

SHA1
66c9c78c37f74a9af3e5fac151dca9b98b528de8

SHA256
03b310e9b86bd73853cdf8e5d413f7e88a77569d570d7c53f9f07bd905b20ee7

SHA512
f2a255c9c697b690ccd69fbdb3791af808df2444705feb1e3d7b18018643ef4506a8f1b58a0c9389e61941d02f8a2b317da257bfc6b0b1b78b99c96c278b1769

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db
Filesize
76KB

MD5
247a9a1ab8a9d50b768aea16f443ee52

SHA1
1b8ef45ad7df4db30e70051835585e526f7fe488

SHA256
6c414fa302b351eb7df14144c5c36a7ddd181615cb540f012ff67005837c9796

SHA512
6285e17579d1253b10f20e00f40aa8432e58a0e7b0b080c7ed52eafabae8f339f250897164409d1bc6512359557545998042fe41fca2e7b4ead85ab26918663f

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-journal
Filesize
512B

MD5
e51b408488a7b34149b34b341523bf40

SHA1
4589a876ec79aecf3837359c5d81498a99d9f92c

SHA256
ebfbe3d3f48cfadbbc935ca4da5e62f3966e18ecaafd1a6e0c28d6ce3f1185a4

SHA512
f54b9068bc19ddde3abb0cf66b443517e96f98f50db8cce04c2eaf59100503832a7282a9a9653b56b8d032a8e722d32cc85b9d7cc20a01813cfdfa47aa7f98b1

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-wal
Filesize
140KB

MD5
aea56d8763795511a78b77d8c73713a0

SHA1
095e4ca16172dc0b5d7a2a51c9cc575ec9e5f568

SHA256
609287a536eb940d21707d9ba6f0e8677d89e64f3d027c5f756df6792d39a43d

SHA512
07fa5bb30a369fc83f06dd458b15429c9c89ef347c8594562c5dbce9695410009912198a2eb38951b5c77b0d4f3ccd5499059eee412dc9f945e94df847ef4a9f

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
6b91caa0bcd89c5872d8fd02ee845feb

SHA1
821fd2e9b066831889d01036e61976c1dbe90775

SHA256
1c59d943b5ef0c7384ebfe5fc71c6ac8dc7944e68c68043ddb140602f64b05cb

SHA512
fb70aac962af501d45f5d8e3b92bd8d0addd634f750cd83d9f6627d0d9edd94570b38ebae62d419da3bcff609d7320213587d7141de2488a77c01ebe8978c9fa

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-wal
Filesize
52KB

MD5
ba677cbb8e4846a20865a4bf2715d084

SHA1
8566db4d544e13bc5af8caa4fe584e005a283416

SHA256
a81a8dbc1a3d36ed3f1a3ea07b7c6bdd45736003908f17ca8a7438b99651c58b

SHA512
b1e22f3165ca5d30d75368ca2dd3eba08118d4b458938b68efaff5fcc93478ec2358681cbc3b8a29845166ad6aa4879b77da5e28a08d83435e50079c1a3c89f1

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal
Filesize
512B

MD5
e5de7923a1c97c1971b8a2056bea97f5

SHA1
41b2e9391c568585169c4b4733d5f4d005e92722

SHA256
e56a4618076cb6c19c1ad8f74bc2a8461bf64010c2134e56c425c232ffc52665

SHA512
21ad333b75d0ba151ac12b3bec0a0ac246c54fba7633338466469261aac5d4f91fce9aebdf7f56a3af6d9a59129a4f0c960082ab9c80248fed38db6f381beead

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-wal
Filesize
68KB

MD5
447f6b9308589d5cd999fbf8b079a275

SHA1
901e3aeb2d906327f0fb2dad89574702ca35d8ad

SHA256
50c932227f7d1e0d7d1098d990bcabbe6643ff20de5a90cf997272a85ae5b6cc

SHA512
e9c0d68ded859b794d95d25810295da91d39d64f330eb99d78759cb5430cd73a7f455fd61a8ed47edce8a4a00a2ecd58ad063b8d7cbb0a00fb2b6da91088d152

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db
Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db
Filesize
16KB

MD5
8d912f9fdd4a53c5cb1e8486d5aa665b

SHA1
7a11303c6690bccf9c442cf42b13821cc214b8e1

SHA256
ecd8567191dd6fefd9080189907e99226abb524accc34c28d43e9f8b5a8b7170

SHA512
c7ef015e50895af8e1e8a770c7a0bd4640287f5ab54bd0b8201bfd615d0ebc910e4420a8704bdc3a3f41bbe54bf082334d964cef692b4a348ce2dd228acc5622

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db
Filesize
16KB

MD5
342771bee5ae31b2d70089fadeeb5e17

SHA1
14eb5471d5cd09a5fd07deeb935d884c51b281b7

SHA256
38db6e94bef0f1a0f9283bf6418d277ef4f0371fe813f57b946db57b7bfe5187

SHA512
7a5502f02b7d672e5fd8da9a839af5973d60c0001faf4e0ab8d9775e5028d01327bafa358f248c5223929ce255f36bfe744d4297c2afce3cb66cc91f08dd7104

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db
Filesize
16KB

MD5
37cdf465b1304393e6056a42e3f906c8

SHA1
d59c87ac5d17c7479f98e86ee4a3d7e958e10ac2

SHA256
153bdf68470930942b536b46dee5388e96c26446e8458c44b75fda9afec359c4

SHA512
880be0bf64962fd40dc6631c28f05b6cdae4b99a71d8dfca99e76039db2889e2f85fb53dc1308cab15e297d3ba8054c97983c915f6d5755efd345224b18f5e2e

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db
Filesize
16KB

MD5
1e887b6a6eeca4217ba0e7a0ef3cf873

SHA1
353d10dde13016cc7b9b4e3f75a4644badc2a6b9

SHA256
8a9e5278babca13abf3915a7f304cec1a217d55abfe2d1244fb3d1769f1ec0a9

SHA512
714be9ba52ac19c143ae98083164c13b925a1c5d0bacb2d29273d59da2fc187e6c888a0b3e60b5a5007977ae645ebec314f6eebcd3f5d3246b046c28e651aa69

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db
Filesize
16KB

MD5
ade57a9892c105eb146676b760e41e1a

SHA1
4ae761adbe22de8b6979c1e3b6f9129ab8ff2c11

SHA256
273783621ede4e3a64953b0f7bf0d9fc8ea1d76a0d3d822f94f568a1d9a36eb6

SHA512
aeaf10d02cc568f8f5a09a713bbfd0ebe83d7fd2f66903bc8a64e75ff83d9e438fb937c2f76b5424e540b10f6260ca29477d8eb7370f35cb3ba74ddf7892d8fc

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
ce476d6f249010624952fe9d09cf9929

SHA1
e7ad5df592abf7995db45f943e157fb36240207d

SHA256
afd0fa80bb22e19888e02b631fb2df1dc5ab37aaf36bd238225ee75633ce5337

SHA512
33d5f66e2e2f04d4242d2d1cdcd8289056ed26f4b52c55eacf048f3c9d50f8cef4d96a2615c410f60f10f46804db65df123ec803a0f98ac3dd4e38e944880410

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal
Filesize
36KB

MD5
34e156ac81f0011c8dbbff4c3201dcdb

SHA1
aac2855300700b5e1a1921f724343042067aeab0

SHA256
72de3ab33d2c80ef2c7b36d4343cfa313cd680bcabe6f5dc55cf71abcce0ef41

SHA512
e2f942c56b6e0de39881a21fd8f4ce72f61c428f746935224af26daf43bc1d9a50a970d05a97a23d8166401824753d732e1cadce9890fe35dbf5c93a10d3c3fa

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
19acb26e1ee10446b925b19ef96c3bb5

SHA1
3805fdcf5d1e4e34f15b34284b8c95413d4c77e7

SHA256
b4b024c448864c434737749ed0bbd84cd15600731107637ebd674cb8e4e9206a

SHA512
aac52585a08cd4cee1e614f7897d6a1adaf4c745b47c79a814ba07e45a63bba44f17fb9e04a9f039e3aa7746e3539ecac95dafcc891ecd78a9c56b69c9bf11d6

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
c30bc8de1e64d9a2735204ef86134d1a

SHA1
fbc1e83ae712ebe6f184caa53f7e7327ddef3651

SHA256
1dd214d0f24221007a41ac244aa2fd6e27bb98283dd65adf09dfeeb69410c254

SHA512
659b6eefe0f7da93ab0341d2e4549761bae592e5bab8f2a1a2645c7cc627641379733a04c0e4ed579eb05db5423ee7a4dacb24f32d6d992cf55d5696b02a0084

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
6df0ef5038cf2759300d35778e5f5a92

SHA1
1c1cc9ab94182c1bb826d7003afa5a31232d0f36

SHA256
a2bfc5d0f0fbf9173b6506b947d37f7f5d381df88d76f31c49f2511979a82c2e

SHA512
b68c6726f107030d4032ca9a8e4fa516c0e90ed1d7416dfd31ad56a29a0e44c299f8dd28f41d0fa6c054378816e972d7c3d3ab0db52ae00e84266ab3fc070cb0

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
fc29f6547ded406c987fa86291db685f

SHA1
b23e86ca9a6976f502f89d42c01109e8a0e62afc

SHA256
b67a06fbd60e602932f661ec9744bf5f2191723132de549902d0c2ae81924317

SHA512
480be61847bf61f63bc8b8c621c721a0065821345f873e0a5061a558f9e56d2be5492d01d1673a56a4d7f0ff4a7ee83cd031b36ff273774f47cc76fcf0352aa7

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
0163bb7f2d025e3a0d2e169dcae841a3

SHA1
075e8429d465452d99b25d76d74641511b14c3cb

SHA256
8a8bb719d076aecab520a132d2632c1cc58aa4f7519b00b227e823d6fce748c7

SHA512
c1bb2b3662f09a4eddf769b9de6804e8e53c295003b763678cbe2677276364cddcd25a34b6c27b9d1de96a0cae069b761704b6bda272f49b6c67803e29eb1e5d

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json
Filesize
710B

MD5
ccf58af7c169f3506fbac2774ba9c547

SHA1
0412f4c4591a5b96a98eb78441206ba28693649a

SHA256
4aec1015b996e2b2a8c5c2ff1c2a0bb27a6ce43ca1af1694f646487a29ee76b8

SHA512
c3f478988c6b065a76ffa9435c01f49f6e1b37cc18b5b6011f8a105b5e45c6c567524fdd195bfca165e18ddcdba12b5cb511fdc27461f574880465be42e27c91

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-662DAFF000C6000110C08DC8888B2960.temp
Filesize
438B

MD5
25374400ade43d375aeb8a198901e270

SHA1
bf8f60709c56f0355bbbc2bdbfab36b6d97854f0

SHA256
84ca5804114aa6177701fd03634cda63605bce3f0dedfd8d4faefef45f278b11

SHA512
9e544aa9d220f4f9ad43134c64ad3e522c36afcebee277c69dd4304fe5dcfc059b2cf14e52bed98c17aaa46e7b98d3e14b0570f4311c55f108ae4d12b147b147

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-662DAFF000C6000110C08DC8888B2960.temp.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/662DAFF000C6000110C08DC8888B2960/report
Filesize
732B

MD5
188bf98be7576e440ed682b7a3ff70d0

SHA1
ca52ff55d404d8988e5b524a961c37f10ee9670f

SHA256
94a38052c6f658c34ae0b47f88b258dfcb933f9a1d4c5e20abcacc785c0f2f7d

SHA512
28db4f3f6ed19b3df247e076499c409487ab58ce5e7ad2e50d1803d13a28efb963b80d4ab04177ab970de4b24cea4cda0b44bd870555691702cefa7dad848bd2

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation2624887099309813165tmp
Filesize
90B

MD5
38a373d56b8e3f8b5d9fc441b3e3a093

SHA1
1f8c65ef7454d10409f7fbf1332545229fbf981c

SHA256
f8eb1340b72a80a00375076d953d0e61039baf3f6b21c97c6e554f6d75ce214c

SHA512
08f96f91dfa76c257f2180914719d270211fa413437a35831baa4561cc22f7aab553272579c2045048cd899d8d4f429170fb4b55f3e02f1dc7bbdb31b82fa8a4

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation5061515906942986646tmp
Filesize
564B

MD5
288d130eb8f2bc96ad4d02940074bc56

SHA1
34eba7cd4f7a2022c31db91a4fc0676deff1ba82

SHA256
8e4afe441eaf603c79684ef3cfdc14d32575717b46cc5c064489ea6380604378

SHA512
2d564e08bd56eaeb0bf5d2e3a7f82d1a1c0330fddb284210b35548fb89d56440c0cd1756bbdc1ea62bce8b218903d8c70e75df45050a5ea1c35f15a6560c260a

Download Submit
/data/data/app.EasyLogger/files/gaClientId
Filesize
36B

MD5
6eca566c30a7ddb3086834d05bf362f1

SHA1
3ed903e806e4168d0804511265eb79e2d561c0d6

SHA256
14b1491f4563c43a2274bade72812ab68285917620163e782c60f9f15883ed53

SHA512
7752b2436f4676292382907af55dc0d4c45b4642488f3e658755a786f2da85147f0abd03614f8d0aab27ded51d62d55c9acbc7d8410a268c88a81ecf59b77011

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-journal
Filesize
512B

MD5
20989101f78cdf97f99bbb03fec98cb8

SHA1
b702fdfaab6f4798ba59d908682fdcc840f89142

SHA256
33d7e25a5c0f613d9268c3e748b7b97aca96c3fbf3e06a992c8fe5766089e9b1

SHA512
da775ca2d9f08275064b2658f7d5e8fa515006a2733eef6dd160b22fc20c0957c7becd8117d667851e507f7d10572a5e2e04c30623b552ce388f6ad8f147db72

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal
Filesize
16KB

MD5
a677398b29e23f9664d0edbb5387dc2a

SHA1
39bdda2f212fa3ad8c551442abf8b6678a70aabd

SHA256
e0b9571945286ff83e0f153a3de7dbfd3f86629971bdb61fe14bd4a85ec05a17

SHA512
6ff5d37f7ec1f48307e6e262e33975dadb1f65a255ac7e411402d70c2a6bb66bc74ea95ccca7d12e195a3699654644fb3ecc9f7c258c887de202e57199794378

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal
Filesize
108KB

MD5
96741cd56bfcf46feee55df7694fb2df

SHA1
5d3c297afc268f3cb95e6813272fdfed27ff7b26

SHA256
543ebb87daa922d1b93bbdcd4bdbf590826c349223cecef7bbaeb9e0e90d20d6

SHA512
8f3628593b862fef3b13838375b35ae008f1b01001f9018f5d0b6e04c74300e642870bcd9ade53b7f82afa180933c3d1cef27da56562f49005afe8d036fb209b

Download Submit