easylogger | 798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae

Analysis

max time kernel
10s
max time network
144s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
30-04-2024 02:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Size

5.8MB
MD5

1398c9c6999be6f56f2364ec680f8557
SHA1

396c173b4c084afc3a2c89044ffa42a3f0e4dad4
SHA256

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
SHA512

49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
SSDEEP

98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A

Score

10^/10

easylogger banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

EasyLogger
EasyLogger is an Android stalkerware.
trojan infostealer spyware easylogger
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	app.EasyLogger

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	app.EasyLogger

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	app.EasyLogger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.EasyLogger

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.EasyLogger

Checks the presence of a debugger
evasion

app.EasyLogger
1⤵
- Checks memory information
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:5091

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
a1036e7d6e17afdb47848585de4e615f

SHA1
920de3cef5be20d08addbe6cfae5bfacef81c9ba

SHA256
9e10229ab9630b40c7c91c069de1fe109b49ec8152ea371253bfc8bb38033430

SHA512
04ec3d69c329d9b60866ed82d03c2c7fa264ea1383fb0a3eb7d3728fa8c58a7fb4360d18b74aeefef8106b68b518fa3277aeeffc021082bb8bc1cffbd61054dc

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events

Filesize
40KB

MD5
15d5b92dcbda7ef7f9ca327a903e46e4

SHA1
ca153b66028a58d90346ff8abadbdf01b95c37b1

SHA256
e802fdc1ccd833b91d80bb1d8f54cab2b585393e6a07622c4d9feaab07633370

SHA512
2352f167ee5aa37cb3438a0a7df8f632771a1d019c5cd120fe62313fb73aed6d0e09186a9bf306a564371b846a8da020f6acd7aede0cc47ca50701611fa84aca

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
bbe1d4c418e84ae574d5d06bb29c341c

SHA1
197c9cc45ddb1992607b710ecb05cbd2761edcac

SHA256
3a6cd8ff841f625d8bfd5dd88ee71c4831abac3657004f2cb4c1bcab24093c10

SHA512
9d2fb64040848dc80da3fb05ab7bd91faf7d806ac1b28456c6dab56f7d8a374875472d16c46faf073673b2489a53dd80a9f67954aaccc394f9511ea7c093e4c3

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
2d8db19a4b365d90d62c28bf65b704d7

SHA1
929315adf2764aad1686a489a2400327e9770136

SHA256
cb6cd76c364e277ce2435ed0c315902d6de04bb64dd19c8db182d13773fe24fb

SHA512
1f87984aef0379d2f5f0bdc6437fe68a873f00565bb96a7c5ad5ad8e628cec52e22c44a681504e2352ec60094b602d3ee1f64b4e18db30198d1d192fb1e6b22a

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
2136bd09edbe1455765981f1a0493570

SHA1
2742b7f23f8c285f5913c5b85bb40983eb18025e

SHA256
39b5be73ee2dec13a8edfeb7e73404bef03eb2d4cd535e173f06890de60fc5f7

SHA512
425e33656a6a2e3e27a86bddd5ca082bc18927034f81f277ce58efe99266ba783795cff6ade433fcb183d30fd86c8164dbb0ed5b2b4135e0b7a8482a7dd1bfa6

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db

Filesize
28KB

MD5
829c8698a64e67d7cc5fa90e8a01c974

SHA1
acf5add656e81f465a5b3230581996ba7d6b2b9e

SHA256
33179b171d7e32c4bfb6b7767c5a9bd1168a72586d9c339f49e597601d14fc29

SHA512
51dd1010be23ab775ba8c5a5d6367f2415b692b248abaa90f60d30b0149dafb0f0839bb47a3a0e374280f7496ab10414cdd6d6b1a86dbf6393041b6ffb57d011

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
d81c44b6a629e72d6c0c85ceb4dff9e9

SHA1
38aa81539f96011078db162e4fd612a08ab3e7d5

SHA256
f74a17d5e896abcd84980cd2d4dd522cd6b9c32e523a8b33dcfa72ff46931ea7

SHA512
f191325c1630aff5c18cd8ade37e993680218f0502050f6f13684f21b0d0edffada4b1529ce32bf611bcb7061fb182c8ada3f53d560c605678246b7f51cf8121

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
8KB

MD5
67cb479e0faa47e5f0be52a95e3b565b

SHA1
189f5040ab5a52ec47f7e0ab9a0e60c9df48118b

SHA256
ad2300f8077894af34a436e868c6878bd2f24b3685d265ea183f72927487668a

SHA512
7c18db5770de6fa01457f89c5b9a08a7f8810f2b7a6845e41aa61f0ccee3e85c279d2a76fb406b3f526526f2227403e76920535e4a2dcaee9fd6dd92f795af83

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
4KB

MD5
99576b6aedeeedbbf80221b92763f705

SHA1
0cedabc4b1a30514ec2a536dc6bf1bb5dde64b26

SHA256
89c1ba6cf37c7928021dcd27da29935e3ae9ba17abd087079c847cfe78528929

SHA512
1f9c0f2f3d6638cc84f9143b8cd25d4a2af1eb143bc6c8d3c6cee30e3c299b7060bbb965e7243a1567f63b9848330325900f14517a049e25a91bbac44a4d980a

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
8KB

MD5
f21e458e3b84d01b940249c471e7b1f9

SHA1
5bcd2de2d20313cb8775c7ff872dc71c9a43f50d

SHA256
b6074b5cebaab5b1efa3b2d4985a920a5d02fa92e051ef33419b9049388eb2d3

SHA512
df43f45b0611c7acf3f3a84d307065cc3f6b5c98f31de5dd969654e57f5332a4c94ccbedc2d94dc554a6a7dd3e9f24c9cd85b418bce4766d572cad3f6e659641

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
8KB

MD5
60984645599c4ecb6afb732edcc8b15b

SHA1
3b349a184d76adc976118643ffa51baa03211092

SHA256
78dd7cddbd1283215bdee4cea4e3581baf906a1695ff9fb3ecc09a4c07dc3a50

SHA512
2aa367674738fe20371ed4bae88816759c8402ef47467d07cd6479fab50385cf8425511b4e351d16df0e7f90b8ccc30fe2c1db2a1642a8bbb6774338a72b4fda

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
12KB

MD5
f4c38fe27afbcfb3aa081ba03a756cc6

SHA1
a6cc6e83404f5f007bc79df507fdd5ca035ce05b

SHA256
f5a47375e0aa04a4c7b65815f355d0567fb14e4a3efa4410179a909fd2865aa2

SHA512
b2e46e1719710e4271fb7923cabca8b2d844cd10cd06ab3f027d85e391a7a0a2855f041e90d345012d09fa2a785a0a0bf3c80f251b3dad6913cf208e8629a93c

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
873d129e2ec4a3cf5fc6e648ffbc343e

SHA1
3578423f830c35672ccc9ffeea6a0cbc2c85f1b2

SHA256
8b93b574952ea493cfd1dedb80408d3e8a681134213930862eb0a4f9e65e66fc

SHA512
936e8dc8bf3030d17086a530a73ae7068f8d10e4d0f3e9fa6b42ecaa4b4a37612c6b3acba18ba1eee78091f662bd37e0223862a73bd35dd022f2b7eff6fdc489

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b2d23cd4696865cc03e580fcef01cfc0

SHA1
41763313530640375f8fb882a2a2a831e3c5d4c2

SHA256
8527d5710276969a9bb2e81f3dd1f39b09f556c46b4f56bf3be1c54655556d15

SHA512
fa127d3c9f6d45f53be75a0f670a3d7ff290e16e110da110df84268c40ce06cd3c68ad7a86c4f186b8b0b65b6fbe5158a1c11cc65126c6c3be3d8620849e2162

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
0913543a71a5ccd02b84650d52b95f9c

SHA1
ae918e7244d07c0d4c3f23ee3f34a1235dfb6d88

SHA256
dddf7295deeb28aa4851193cfaad3eae2642bfea2349ed3c127bb001af7604f7

SHA512
407fefe66d3dcd70b731465de9db7dafee2526b9a8af71c2d4050ae22ab4fc3414ad0dbb9d8df45abb9ebc0eaf0e166888067c0d8e9fe49668aa753d60eddabb

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
e0280de8f4590f427dcef887cedf9c70

SHA1
8101d4aaa653c29258a6d0b8e5a29a83564dc57a

SHA256
26b332eb24c2388bbcc252f194ef6203ad299cd8e346b999f5e04b96d78b9993

SHA512
f2b9d6104db488411d58b393e520fe9796d7ada091cade92a3139fb6702774f82430b5182e2a9259e37e9535ff594c00250c118a9305627d6a614bd20d38b7ab

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
9be011b2af83533fab2fe0408fabb0a5

SHA1
fc28efbf07878185e28e2f8e3241fd13271640b5

SHA256
abb2f3d89108212a7155c142229ee77501614f31e629717ebf07faa09935d3e9

SHA512
37109afe7ed95097588295140c8f0b3aa6cd85883b48bf39cd57381a3fde16450c9b0729436657c81c7803bb8a02c6d146d2432d4c986f6507abdd6f84a8920f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
8fb16ec2eb2172a83e4d9c054071bb1b

SHA1
cf78e61f1d0ad5774a7f273a81f8b4796e698c24

SHA256
23b3bf9768e26af28ecba5088a3d8099be50ea18daf8a8420bde6e90afa02b77

SHA512
6f8e12ca703b69f831022411b7871ce23007c30f27f2ca18080db7faa784fa1a7537ed3ebe24c1679ccfa18e6c25c671923c0fd0652385ab2117a4eab1d13ec0

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
22b8ed26a48461799c0c19b8cc045cb8

SHA1
f8ad68380c52d619af6080c7925bdc6a9d13e66d

SHA256
a2ef4f1ccd302febf7b799ebd0c45316e2f92af53339e0ccbef2b4516802c98a

SHA512
043744b86198dc3329f2cae2243b273f1ad0f3101552ff2ab50aff0e1a40cfba7430a581febd26d77c29783153e7f0b2b245b1b8c92b3bf7284613cbccdbdccd

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
7d1135a55be851177ae0e9a3d58ee2ec

SHA1
37fb97085c9b6d823c2ab2e95ff58a100e14c44e

SHA256
b6bf4862ed3b8ac852bac6fde443499a902183c470455176bb6271a2b2f3ce2b

SHA512
b130eca03a0eb57e9a08874a61db5af2176715ae738d0e433aed06d093d30f5200c913dd80fa539ce795f4764188c7e505a9b0bf1139e45b70627681b8fcd93f

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
710B

MD5
6baacd2b2d1ef8ea7c86a902f16173ec

SHA1
68aeb9695217eab4c0bd9ea62fbf929561f5fb78

SHA256
47e65e87ce245311fbabf5ab7513f0443698fc5588ba487b2fc3d39c84096e58

SHA512
8cec24e754adc32db1d1d9b88d05a1f1c7414416317fe1cc75377faf89705a1bd2193db63f836fdf5f254199b260b612cc53f1dca654eff948fd1b03f6f1d986

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-663052FD01FE000113E317DE8ECA01F9.temp

Filesize
88B

MD5
aaca4a18189a75a35cea447596c39c92

SHA1
0696dfcea93bb22af86256b2e6aa2a24e8bf5c3a

SHA256
090b6bcb439626b0670c107fbe6964ca776a6e4bd736891335ad13ccc61135e8

SHA512
e936392f0e390bb93fe7f6e5a6ce982d30518071f1f60af3b749db4ed8e505acf021ab1f77fca8e4e680498e7be5f3a8b71961e90b08eb5f3c72ade11729e3ee

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-663052FD01FE000113E317DE8ECA01F9.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/663052FD01FE000113E317DE8ECA01F9/report

Filesize
733B

MD5
2a2ea141fb00da9593e40e31fc739b9b

SHA1
5c82d8ad83c0b852c3a7cde393a4dbc4beaac55a

SHA256
5b2d7f7b6dd6373a4c9465d3f484d46bbe8ef88ee9e8695896e75589e8cd7092

SHA512
a4f2d7de94421398fcbb7cea46860fa385ba0bd29cc513083bf704d8a89f01e45ac9aa5c2861b3db001498bbe52e8254b93b613541ac6a6f24bcefae5fc36184

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation1983089044203290759tmp

Filesize
90B

MD5
a9c4327c012d3806c044a2b4f8fdacdc

SHA1
6d928a9fae81be585ea77a711e2f920c14aae534

SHA256
d13e621cf8712dd427ec5f8e7ecc8555581f912d8e96f98dfdf3a31e41df68d7

SHA512
70c0b505ae9847716023eeea54cd7101b14a4e830c134e70dac17a4dfd4c3fb7ba326ddbef82fa5e38e6ae721a1d09926677b5570162dd3eba6340b50daa82be

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation517253863042036233tmp

Filesize
564B

MD5
3208f9bd8a07286a0780181900832729

SHA1
0ebd0acca72e19ed745870b17611b2d1adc955b3

SHA256
2d467e6115ca4383f3c08a843cf6149e324a35582517e0154a1642792b084642

SHA512
f8e3b53a96aef7e3ccc2f2f4b11a046bf84fdf7028984e19a0f6dcab8e5bbed7de84f0b67d8ef81d4c387add9f4658cfc455ade00a2db14fb7449644ca26bebd

Download Submit
/data/data/app.EasyLogger/files/gaClientId

Filesize
36B

MD5
18712f76116c5934042242c33520f99c

SHA1
e909dc39911e7659809ead72cb4ce6dd25755c27

SHA256
1e34646b250fc3fbe8863e458c5c152f86ef828955485fc5e5525473ca17fcec

SHA512
c6149cb2fb68a4b42d5e1a96501037b03cdb3b511044e896b3a773e9079f61dafec837acbf1735714c8df7905eea41d0536b8e87d8ea55ac80dcb84a584a0481

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
69c34b2114935a543ca4f24bed935320

SHA1
f7ccee968b60c8914484d979c02d780332230728

SHA256
b45005304426fede5edfc6b0d9739a4ab42c23a5132c248d636a7cb3673dcd55

SHA512
2977274d422a04dad2e646d4f0b7570929659a06c12999a3bbe5124310692e556ea225060c2229cc4a9337969ccf545525cb9e99d8111e73524eaa89f0186926

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
fb16d0ed44eb26ac468c728c559ad2ee

SHA1
4e66491d67ea99490151144def02a3bbaa9ac72b

SHA256
ff33072e809ba0b916d7e828ca52fc0a2336b411422067f3e8d96f46c5456b63

SHA512
9145282c43ba78d0356d1ed886203c7c8b3a2b6949fb640d36ef24620025b198844f290db48d0412b287f6f8c4a5b6722dd7b59cb6aeac45e46b35186f4f22d8

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
f418188d942a0fdb024cfedc592122eb

SHA1
d1e3b2074199597351dccbbc1e1153ae49a21006

SHA256
21d00615b802c453770796f9feab9c327e2b1446bb8d2a9e79dfec3cb07e0928

SHA512
165ed9f930cdea025f32c4bb7ba23e9b360fecf7f5e013fc88ec5bb9efaf7a5e5d283e0bb8a6dae9fcea1618b616d7f863cd70bbbcf2c97b97bd6762dca82444

Download Submit