easylogger | 798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae

Analysis

max time kernel
47s
max time network
139s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
29-04-2024 01:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Size

5.8MB
MD5

1398c9c6999be6f56f2364ec680f8557
SHA1

396c173b4c084afc3a2c89044ffa42a3f0e4dad4
SHA256

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
SHA512

49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
SSDEEP

98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A

Score

10^/10

easylogger banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

EasyLogger
EasyLogger is an Android stalkerware.
trojan infostealer spyware easylogger
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	app.EasyLogger

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	app.EasyLogger

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	app.EasyLogger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.EasyLogger

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.EasyLogger

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

app.EasyLogger
1⤵
- Checks memory information
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4181

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
08a0e4fe28d63b1320dc5855d2f9db73

SHA1
12ef4d189115757d4912782b5bc46a7c36c1fd3c

SHA256
a9a4eaff74d5766f9e3d306db05892fe1a98b57413f6e5ded773c45d61ed6a67

SHA512
0eded244fecede1c00c2bd4af96bf61bf1189d172569bde8f57fd9fe5f64039d4a99c308a3e5c78fdae01e8ff3e6dfac16d6dd18bdcc7025b64b3c16c5cffefd

Download Submit
/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
3ae1dbcf3b3e2ed0ddfba5bd5263b417

SHA1
5970241060b8c325cd73e1a660ec2705473223c6

SHA256
09bee6caa0f85130cdef212a03335e8954f7af522020f11906faf9d7b9a57315

SHA512
e0552531342d45b7f4629af5b212e3e5e9f5cc7832a545666386dfc5ef43773f0228e6688f9cfa47c6f20cff2c56608e4fa74bcb6b02f7c0497635ad11959733

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db

Filesize
76KB

MD5
247a9a1ab8a9d50b768aea16f443ee52

SHA1
1b8ef45ad7df4db30e70051835585e526f7fe488

SHA256
6c414fa302b351eb7df14144c5c36a7ddd181615cb540f012ff67005837c9796

SHA512
6285e17579d1253b10f20e00f40aa8432e58a0e7b0b080c7ed52eafabae8f339f250897164409d1bc6512359557545998042fe41fca2e7b4ead85ab26918663f

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-journal

Filesize
512B

MD5
58b1413e3b60f660aa08d9b7777062d9

SHA1
27f6a3423af1d682eaf2d9a04bdd46e110df9290

SHA256
4decd326fef98dbd1cbbc038c6a2c30f5a36eabf64796f4393f7202a78418830

SHA512
1ebc2a9ac0e89a54817e463353ce12991f0a8ee7a262ac6643bceef6ee80237191d49a3e80128fe12a7cc0f6d8e2480316f55abdcf350a7af035758830065541

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-wal

Filesize
140KB

MD5
d6dafe681166d028c4a5fb8d09fe015f

SHA1
030c8115793036f531499af2c6e778da652b5ace

SHA256
76415441b4f628954f83cf78049d3f31eb5e243281adc6a5492e85b04b52f88e

SHA512
916ec1125f7656f0948988b2f31ac09b386b4a2455bae4c9c0efb6f26a5b66d29e9d683122e7e5ca7e9efa5afe91662e04dc872c4f2b10512964eb5973f51408

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
ddbaaf5b53ba894e9cca9cd89f7df8a6

SHA1
7b8a1ed9681a0f4e75a6fc5801c271fde9f9e85a

SHA256
23a4b0613003f12c9445e1da334432628f5e55ecded4937b3937c99b435fbd63

SHA512
9d8cfb0602066000d2686e75ad5473c35cf64012196e9bde35775a30ea5aecb1484cbffe18177c0e2b4a61180ce64a02cb74ec602d2f5856f249d99033b5a17f

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
490aa8c645d6ba4765fbba57f99f627f

SHA1
de6562f2b5abc786727735dc924e160690999099

SHA256
97fb5dc85e2cc6e48141ea7a55dc448d851c07f3d25db28522e9420423a7d50d

SHA512
23fd09ad95eefaa44742fe0a3e0fe51437de0ce961eb85a279c6ab7a790289993ed8f6cdf96d32440926b604f0b679ba5d738ce9e78388eea10db3147334fbbf

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
692522f75b8031a78d1b48413591cdec

SHA1
a9b6d908d165012ac969594249e800bbd1da7ccd

SHA256
d1c85948bb7ab6935ea1df1b3c35cd2a1af2357617a28609687d233082566f86

SHA512
3c529b0508ff687196ee87736813f3bf35b2b5cafad36db6744fee5fd37f28c8f9549cf323be98bdc0801aba8266f942b3e882132c2fff4ceed8493fac974429

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-wal

Filesize
68KB

MD5
efd1a1162164e8b0db7883e0843ba956

SHA1
77f50348a5439f961a42deee872e77b6819fb4de

SHA256
3720203881fd932b72c6b431963595e10f975cd0d7770f4521daa30125b24f68

SHA512
e1f937c96e90b33bef8e7786883df0295037fac8a432ae8e063a639add971dd68d6122e34f69f04069f5f9cf406e7a402a272417e38beef6be35320be4617014

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
805b4342f1c19c31f0be203155c7a1c5

SHA1
0e03c47cc48978869cc51f08c9401f6191e33d10

SHA256
20d3b1e067fd617c7e7367feb195f3294047f4b94b07f41fd901621b47be28c4

SHA512
4acb77a62dddf7ec6700ee7508ef39c5268a73add3224fb703153e52fb40b86b9b8dc4c148c25bc700ebe4e3191884a1f07fc9b82c74ca60e027df66ed3c71ad

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
627e56119669ed7c5d6421f3dd5bdc3d

SHA1
6eebdf83753f211f618e08110e4056378ad6324e

SHA256
27c710e3ed44161584f638634c432358035925a682027163bad22c3b17dd55d0

SHA512
d4fe83eb9f12391044e0faf1386b589c763bf0cef0fd6b3140a76d535f7c841869b5f32fa92758473e2c05160e26c28cbe8fceec5225ed15e188af7abf43eb67

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
30e9593c660e674c95fd6b925d8700f5

SHA1
05deb095544136dd4156a3c457de929864516c79

SHA256
ad5a40b3fb9e29828ca5448b4039e0f7b057d2e691d5368bb7ab2045401ff4c7

SHA512
90d3b7f29c32e670cc4064861ee4ad940bd791da19cd6ec0a1cf1bb7cfbd95162ced5a3b11408bd32c9d4da0b60f784a129951eb0d18a92dfa7f2efec25eaddf

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
45d4377fd774691c62fccb4b66d7900d

SHA1
baaf1c6db2db221a910dbcc2325596ec3233083d

SHA256
c073b133177af87dcd23a17f3c833fa0aa494b228e2a8597e8140396d4ee01c9

SHA512
616159ba9281b6227bdc7fc87d06a2155d6f328c7dd5830281a788417f2ac3c649f1206baa70233cc3bcc9830e4dbeaed16262abee9b852d0025a1b5246760ce

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ade57a9892c105eb146676b760e41e1a

SHA1
4ae761adbe22de8b6979c1e3b6f9129ab8ff2c11

SHA256
273783621ede4e3a64953b0f7bf0d9fc8ea1d76a0d3d822f94f568a1d9a36eb6

SHA512
aeaf10d02cc568f8f5a09a713bbfd0ebe83d7fd2f66903bc8a64e75ff83d9e438fb937c2f76b5424e540b10f6260ca29477d8eb7370f35cb3ba74ddf7892d8fc

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
6a263fadab321f40c49bc53769c8dace

SHA1
fc854d5514362e765b632d3d42bb5dbc39e42ed0

SHA256
0eb3183c8090bbe6047a1d7aa831f083389ef8645e9646004d4b34e2f34eaebd

SHA512
044fe261381bf3041c17eb450edb620340f5758a58811f0375a6c8125a69df46332d9ae596c98ca5b40a986f01e094c9b97b3c397782a7de298f4c7f48d030ed

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
929da1a62de96e2cd1e406bdf35fc93d

SHA1
a7d8e5bb716e1e217219eb481329795d3ad3a936

SHA256
2c4ca66f4cf7bdbd38a72647e5097715925d006bb50e4dae957b3aea21697f47

SHA512
904e4cc1bdac72176f09424465ee238f61031dbe7d0c6179f1264b5e9d22486bbb822f9c6b9fff1736bbc5a2ef70e63941b12315e869b67a043a78874d947803

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e8d9860b467f0d78b3eaea38282e0d2d

SHA1
24976d30a514ea0f5c29f549f15a71240c9d7517

SHA256
7335e19d19fcf87990b81c8ee4add7d8fb23595fbc93f57847d7bb7b3ba1e3c0

SHA512
8171cd23d48a1042082fadd40d4761806aa83641246678119db585461d06218c5129e5ff695b026feca562cdb05bb5e35a7bc00f8496adb2a932b0d3f5222f23

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
ab8d05f6fc5707f9bc4820f7f77ef659

SHA1
262a4391a1669140d7e1f7fffe39c07af88f8637

SHA256
c1221e4867e9f53ddb352ac011c3c3e90d2b9411381bb8f9d83f4b8db423d02d

SHA512
bdc673f3bd5ede4a2d11959174f376677df8c0644dc6b15b26bd4df5fc8eeae1e8290990047df05036167eb2c1738df6b4b6b3dad8b4e17834a530b288c9e9f3

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
419a0fff496e383d4624a9c95b9d3dad

SHA1
d968933a7f88e064ccba9a89f45141f886713db0

SHA256
7f2e83e22310d72f6292e9015db5f5d1cd42d51b929ca3b953a7b8705c762d38

SHA512
db0ffff1bddf78f6c37faf99923f08a28393266b91b361edfb14bd733bed90a15bbba5d3331ee601713b05bc83c6a0a378a53812bdbc322386d915794413a3af

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
5ead232170a709546c5bc1ede0afd6b5

SHA1
e0871efbf77289c6480a71b91c8883c3a922487e

SHA256
1186a9f329362c3bb183e56dc2de9bd1636f6c6d6fb1b899b4d4d7b3ca62b7cb

SHA512
156cc4f19300b534bc1046a4399a035d52d27484edc50bf75f73f5672359b49a6078441fa5556d8ce85cb9da1bc4a5079856b6df1fd8bc6c2ba60b7279a709b4

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
8e53d0cd3c1a1f6fb07ecfebc19b4a3f

SHA1
74ca4b1c041720203558c57edf013f68b6acba6a

SHA256
81b9207cb74359d3c0a98dff3ca0a2999542a4f6151b55f16af0302ac246ab79

SHA512
c4863cac8f2f065a1921d2667741a4e1bdb717e7d880fc95b28413c0376b04baec1e7929dc7b33069cab1789fa3f39c333a1ffbff7fce33daa839678977682b7

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
710B

MD5
709928bc0490c77cb8fcc058e2ba8d93

SHA1
ec492a0f88c7eb72b5222ebf63c15d15e7306c70

SHA256
71f7a4f52a4af45b40339447b3d997fffe40e076e40a99fbbf2a4b21e02dd426

SHA512
e72b6b9c23c91b4d9ced6f28b42fe503194984cee8f2423442332a31a13ba85377034280ffdf53053df44868e01095927cebd07110ccaf3c8a35f68f843e638c

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-662EFEFB008500011055B8BC699A594E.temp

Filesize
443B

MD5
6de5ba37c68703e8b67ecad488819b43

SHA1
de4e1e49047c000ac7411df4c960b3b9642df140

SHA256
ea67134ac0d5cb4c48c81fa01e8534f335146dc4d4cb1a984761dc9243392be5

SHA512
827f30c3b77914b71d6438e66c1cdc5c86dcf595a44236c04efc505d5ded75b983fe9a8f6104fd361a354bc257bbc0898be822fb4cee8b8958129c097149fdfa

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-662EFEFB008500011055B8BC699A594E.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/662EFEFB008500011055B8BC699A594E/report

Filesize
732B

MD5
f4ae79a37667642e7655c1951c9bcb0a

SHA1
e6f97462e9b9824b53a2e03f0066e52fae31e5d2

SHA256
b64677560c5e5bacc679c07613e8bab10f8775df2e9f6f840ff1760c3cb3bb4d

SHA512
a0da543bdad8fc98cae0e3aa38766db124311cfb3316a78cc47431656802fa02ae53459336a9809141ee76dec27cebde6a994f29b1310d9b43d6d84ac1ff7ba4

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation4354081725840772365tmp

Filesize
90B

MD5
7c218f2fc4470f8023a682db7aae5fde

SHA1
7f5402a3b9cf4d82ffcf4b8563100f1ec997cbb1

SHA256
392afd3fcbd07c707df235d553ef8e60c8172d818106adb941191c86d96baf05

SHA512
7c552d4454d2862bb74f41c2e39efd1dbe86212a785bd00902a98a13878c40ed35080b46d583ea8728d4387a27279c49f36c031b5d3f4fe13c784620e053ebfc

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation6328791602049587832tmp

Filesize
562B

MD5
52da3d0591d0c70cef02630a2a1d9096

SHA1
4dda7aa3359451dbefda4621416db8e2c708f5d4

SHA256
a51f568eb934daf49593143151affc52a85d0437bf0fc9887fdbb86de02c0432

SHA512
653bee3cebab0e0e7de1d91018a93411f43d06794216a2819dd25c443eceed2609afc3e3edcfcffc924115e317ef90cac4116236c71a358c8716d459ecaa322d

Download Submit
/data/data/app.EasyLogger/files/gaClientId

Filesize
36B

MD5
7e75f03d68fd325282f8c24ef5e8456d

SHA1
685951f3a049b94d53533363af490b18dc78609b

SHA256
7431632a47b8c397047ab442522bdad258e3c73e7725caa57fb0507b83afcf4c

SHA512
12d28e24312ec8f5853610027def87c0b23c5ee5ff0e1dcfcbc70d52443023368b0960fc3d7c719bc62413a09d09a37a078bf5692b572f8c20f8a5591d4e7e90

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
7d4e8fab4a4681b40af204aaba244a66

SHA1
f45e3921624cc18ebb27e41e8b75f58be8d7ca34

SHA256
f38aa13847fe9e3c6a26ccf9288284f9ac8a76bdcd0e25f4723ffd033e595e32

SHA512
e2af1682bd8ed1bfbd03f6ef41be85b6905e6ebf9e41d3a183c028a52e6bb50290fd170fa519c0a981244b230d5a98ed53a53cb5a5daf45a1dffde554eb4d110

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
d3225b58f4771e4062a3220266730d26

SHA1
8db0cd142a8b6daf6e1c99d0b3d69f5ac4781254

SHA256
c26b92944316dcecc0451bd33b2b1a341ce9b85ed1f0fda38f7bcb9f97f0a56f

SHA512
6e574114d9c32591bcbd31635dd98a4310a041bd7cfc6fbbcc88791596ceb5ad64921bd39c5a5dc6e931cffeb72aa60eca2bf997f9e47f6973d4082d62e9511c

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
e2bb0fa41341e8774b6e62f63dda863f

SHA1
fbe1352fa6d9210f088ff4900345765ce73e811a

SHA256
b8b0aba38a1309f53c92828b5e5e6af4ca3c4e419d13e88f6c4968c34ee3b99a

SHA512
100db3abf6f61b3e0d62fa69c9a7e3dda64b974842664e764eca41fffb01395e1f0008fb6b0967c197513ce37fb2011491952e719230e90ec2c120b6d657b859

Download Submit