easylogger | 798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae

Analysis

max time kernel
47s
max time network
137s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
01-05-2024 02:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Size

5.8MB
MD5

1398c9c6999be6f56f2364ec680f8557
SHA1

396c173b4c084afc3a2c89044ffa42a3f0e4dad4
SHA256

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
SHA512

49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
SSDEEP

98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A

Score

10^/10

easylogger banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

EasyLogger
EasyLogger is an Android stalkerware.
trojan infostealer spyware easylogger
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	app.EasyLogger

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	app.EasyLogger

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	app.EasyLogger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.EasyLogger

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.EasyLogger

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

app.EasyLogger
1⤵
- Checks memory information
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4246

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
0ae9937af0a113e20d61211b5ef45ba6

SHA1
1ff314ba2bd35f051a58e798fc35783b511c758d

SHA256
1a5b7bfaf3cf463f8ab2126e2bc01e1a29bc216d4f70868eb83794d5f3248034

SHA512
b322fd7a6a52df55a82b211c566ff503686c6d84b84b2c235fefd30ec5811f072ef58db29f71d59f3e34178cc8c63bd63bab127c3eaa827fb5d90a2f4a1dbfe4

Download Submit
/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
f57968d8415daf0cc6cfdc4074d46249

SHA1
8793c85734551077869394a8dbbc3d7b0d63d89f

SHA256
f96db5d6d512ab1e8a9ed58e4019db1a8617b7e7db3151dc53d39d9e648b9314

SHA512
205d95c1d5a417d750bc0a66f46fafc7458a9714d8f3e39221118c352afec9f1e20f3925529072f7797237c4a65eab23e3350ee4463a930c67630f72578938fd

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db

Filesize
76KB

MD5
247a9a1ab8a9d50b768aea16f443ee52

SHA1
1b8ef45ad7df4db30e70051835585e526f7fe488

SHA256
6c414fa302b351eb7df14144c5c36a7ddd181615cb540f012ff67005837c9796

SHA512
6285e17579d1253b10f20e00f40aa8432e58a0e7b0b080c7ed52eafabae8f339f250897164409d1bc6512359557545998042fe41fca2e7b4ead85ab26918663f

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-journal

Filesize
512B

MD5
815fea7a53f48eeb50f260abba23fd1d

SHA1
b1be709ed33c9803f3c42b3171eee1641bd8bb64

SHA256
f54c92a36e9bf66f4bd9f69ac500546ba43a8e0c3881f60055a457c0f01e1f76

SHA512
93bcc402cd17180b3e19a96048faafd3eb65a9434bc59f19bb169cd5f498dfb6776289b9966d64e886967631aa26b1f55426d801f722e65f3cfb28e265f3ff7d

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-wal

Filesize
140KB

MD5
eba9faae400df737a4d5883d452d08b5

SHA1
4fc159e66840d35a46ce10127e4aea0b39b249ae

SHA256
68259537961375c5d1b446f6ff93b4e922d5e1fc128a62a3beafe8510711a6ca

SHA512
c88c6b88141aed85f3c0e1c69f4f0106c2b95da834a16d4500ef01edd11566cb743b4a1cbb8708a8d183fba702f5017bd4823aed12c6d41a4244d4b5491292c3

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
1643f26c2c50ffbf139a6615d069cab6

SHA1
942f327e3bfdd23ddff27961c5c9ee4139b016c9

SHA256
78e41f383e896cec81fa8d4971085a5ecb8a5947895b062dd3351185b724fa3a

SHA512
da9d3dcbfa1bbf4ead3c497f53d75c3e839464892af0e3e5bdd584e49e205bf1e76deea0e9b9cadb0f9f27222046d259359c9a9b81e4c7548db0e1abe8c0d420

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
64d2c58850dd726c7cc0eb0e3c97bcf2

SHA1
811ed942818213098d3e582f37889abda86a4087

SHA256
03b6b066a41f81ea461bd463ae16c59c1f03216f683a37eb0196d884b8d88ed5

SHA512
1853dfb64cb811d082a7eeb49b1c5d939db5d71107f4b39982b98a936b28ad8976bc42576dea3e645f42ed712059dbe2cbba53c384e8cc957440638ae35e0236

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
1a7d16b102fd9a27ba46f966c105a60f

SHA1
7d8c881ea03661cbc72edb544e9cb6afc2e962df

SHA256
343562c71819a87855c42999309cfaec1e13e0d32a8cd9dc3bd564779db3f8fc

SHA512
746fcd8451955ae94dba6cca8cbbe875722aa4bebc18109e35e074842b21be58fe68ed2e9a1499ab0cf9e7e4c2625fd3b8b606f93e0bfa47a5eb672788381511

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-wal

Filesize
68KB

MD5
85c08c0d13b6b77ae7f9f1d14d7e4d8b

SHA1
6867ed82c51ebeb3a481e89c8f4aca3e111015bd

SHA256
40feadbea5e699c96e7b99d1c2a49e118d1624905f7781f22d46070b538d341a

SHA512
87fe75e4535c734fdebde6832fb70de525930e3a37f82ea9f5d4f38bcca7a61e459ee973ead81f402f9a7aebc916b0a051e0e1088af69c808115a9a4375d4643

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
523d6ea0ff781058395337c2552cfeb9

SHA1
f8cb250df7c52e78a2540a316e74c3e10712d351

SHA256
411de2f8c65eb5d7a3af347bbe7a2f16ce597bdfdb13959c78d85faf6c272eb2

SHA512
7c4caa8a1d5d60d13c0044e2db88e69d89af0e374b812f63114a4e1ccded7943c680050a0ef68eedf03188daceeefbbccc9e367819bc0a84e7625eb7a69da968

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
5aa1c9dba3f830eb4fdaec46a9341790

SHA1
bcf98372bb94f6aef19b66fc651de4890a01c590

SHA256
376c016e45c7e5d1c3fbb87852f4c8dc25e1a466b13123699a75da20f633c930

SHA512
ac32584a7ec4ce29874cf40e32ea3849761df84e0b119373362aa47092da0459fcc65fe3175044630eefcbfe9e5b5e208b69b92ea05d24d887f40ddaa5848e91

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
98b709065fbf92fbe4c1211272a95293

SHA1
9c0167872d880ec09b095f4fb2773c3b428a5164

SHA256
1318f21e2494bab56fa979782fd8b6933d6d8ddc1683fa92fc25da1d5902d8c7

SHA512
88c899dc16aef52b9fe5f81715a9735dc468cb2e78bfdd164752d6e6304481182497059975e28f6f4c557cf8e02250f7a94fd25130bd55bc9272c1dc194c7aa7

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
85ea3fb1f9c37d3aa21fe47a49a53f5e

SHA1
91e9761e7a3a14eb9042f1a2d68cab4af32e8501

SHA256
3a2c3a3d5ffa1e08090d8a8a47eeb3f90579c10ff8e56577b43f841a1b0672c2

SHA512
ff11f67343015be9c33f55bd1880d57b405c985dd4b818c9659b4bd08436d15fb8d955b5e5ecb0dd0da2835193a50d1ceafdfd1c440bf908969cbc6194078bef

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
87cb9139596742358c3c3c255a7eb83d

SHA1
4c828cd7ecb820c49388be23f7044752b2a799a5

SHA256
3efa205c621cf97960f5c1b691931bf0b983ceeebbf1833b6fa0f9b1391a1593

SHA512
7edce5c507f0c3efad1c9fbc7da751a2b11de32fb23e52f21d18cea525e1172ffcdf71198884a0a5c88d84e3268d8125815fe88f78743d9a2b2fb4982a841b2a

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
216d70b4bed8909a6ff6ebb0c0d5bd62

SHA1
adf4ee4d5b7b65cc8489914a0aad8ffaff803623

SHA256
4f39276e5b12d245f5fdd9fd63057e9b80d7b1002aabdfde1b42bee6d59325be

SHA512
7c0bfa5fbd063cf6299a4e8358bc7b5bfecf23305d4141735727f5f5c29d0de94156b18fe7498203c82b7aa410f09fa3817dd9e5bed4ce870509b2bc4576d974

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
57535c7541dbeda804d27810f567db02

SHA1
5dd6fa427e538cbf32103eabc4b01151fe5f9d14

SHA256
ac948cced6948641038b5ee857d53864314abb8df8bb47ba079e0ef207522009

SHA512
f265926180f10c757fe8c4315ff9200cac9d25a8446d7d8b6bf2d317d0ffa2a4086ac27ac8aeb733494e845c8b5a27fc7413d45fae68676b68c4047bdf5c327e

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
8a5bcdce14b3975535171c09f2c3a60c

SHA1
8710987a310f972452b3e5a16fad1648ec3789e4

SHA256
ad17ee5684190d6cbc5794f7b4c91825e3ad5dbc08864b0fbb1c7c69718dba13

SHA512
15efa9ecfa4107afd41779604614f838029c6da2e5d1507d31873e5ff19f1226efc9d50ad3b6dbf3320b378b3b63f3e5a094daf79b6122f1368f1e10fd93af77

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
94f77e4cb9cb612a9872a2b968fd2499

SHA1
8a5d575649cc5afa7ec3e25387aaf9a067f9ee36

SHA256
613e7694e261715ba2fd5c181afd94636c29401caf54313d90cc4c31a76b71ff

SHA512
15a07ed85f7461e5ec345075f39a2481e82f24184805f8b1a6d0653519bd8e92b8680853702f572cc608ae87e4c4ba06e89e0f7dfe12c59a59e9364964a2ff6e

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
0989db55f16cfc250b2468d378d5a1ab

SHA1
1976bf5d3a3db4ffbd73b2eb0e79a9cf386aa60e

SHA256
2a9886b018c95444c4777592561699f0cd95de35babbf8f17f58ae5409d9d75d

SHA512
e92703c0be43b95e91dc0b754406f544a83c9654f4e9c4b4e19852cc13db3c5080b7333a36e517dfdf5a4d81402ad2b2113e3842d7da66edd6ceddee64fd5a8d

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
78d4186ae7a805ff43f2535af50f4c1a

SHA1
4d8fe3e87318dbe1cb6ebd5ebcb544e3ea855b9a

SHA256
452ed1b0b272d571ac19ca83b8b567e3dee126275079cf384c5672c7d823b1c3

SHA512
6bf6b6db24a387f1c49d2946490a227bdf9ac39ee815881594c450aff35a0e0ea56fc209a845d4fb2df1a387df3f1953c20c2bcd6f09c9a8b2acaa57cdeb4598

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
6780ca4f8539fc6223db395dc6c8a2b4

SHA1
74aa8ed7686f4b57c0daf43b2ca272e9d2ae1647

SHA256
22719a980bd0763ab3632b6e318c651d78c83110262aee4b39d6f0b76f17ea36

SHA512
15e185f3d99e26d662396253c51d18acbea56bf3ad7197fdd9c9e51c3a4bcd47d9259cae9dbc80ec512c0c6c1bd60c70f2476ceacde44c8b367f57b2e0178f98

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
710B

MD5
4b4d015fb01c148a6544dfaa262becaf

SHA1
a9bf34559b68771d6d108965dedad07314de259a

SHA256
d19a901e2cf209872e02c03c84ecc6f8a4df3544e6f91fbfcefb9354484f73da

SHA512
13d8d0a0484af05fffa25e46f20fc2f6a2ccc69142ce9825f15af90cc4b870ffaf18ef30a42da79f8fb4c47a708be352bd5121df5709a07e730dfa043cc16224

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-6631A634011200011096839CC26E3A4F.temp

Filesize
442B

MD5
d8bac1b63fc82c3211945ace82f98d29

SHA1
e1dcf2a8fef9251dbe6419a468b6e0db26fa19d6

SHA256
565873fb66872d0a3e7cfb6ac28cd1250067b3886bbe11d1d52b7f7ed93a5c16

SHA512
831da0a6e48dc8d3fa038d972e115eb5daf0d3d8d87881cc4c5d7e49332d94bdbc2cd3be46c78ca24ef05da4f4864dc9faabc92b3541ddb78b1020670a0be891

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-6631A634011200011096839CC26E3A4F.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/6631A634011200011096839CC26E3A4F/report

Filesize
732B

MD5
77cad17bc1e23a6f92760d8f6a65a6ed

SHA1
377d10a7e37c58b6725f27eab5447ad69e517e67

SHA256
ebace27ba23065563238efc1104df354a7f71034eb5dc809a59b894b52280f1e

SHA512
74e815438d4242850937feb3f0e84bcd2db4a7471ea28e490f303729985a7b5c6c972d3d30a16ca9a59a023fd72964b22843ff9ae0e11bfcca5ba707865be0e2

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation2390807647145930567tmp

Filesize
90B

MD5
f6ac756d0f459630e2b7c760beb7be29

SHA1
4a08c5f59565fc29dd12c9a5d28ce542aac568f5

SHA256
3718e515b8b7d33d0f789289d24f5a5fa33fb2840324391af4ac4f94d9d4b334

SHA512
c7bdcb8eb4cae74789c37c85cdd96b31c1141fe4ee8b186d2e6a982b0dbbd5b978a4bcad7ef403a1ba2206d7e6d100fece00e788c268c75d86da415b7f95dff6

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation7333671165227326123tmp

Filesize
562B

MD5
e457c63ca1c436008568ad392c13c605

SHA1
0f52de01290271c54deb95539e09bd5a0218a860

SHA256
5e45bc516c93878f867592edf0b20c2b69cdd4998dcbbc71e37c8a6c6572350c

SHA512
d908dc21a56d417cd973e1e5f6d53e56d31d6c516dcc0b0483c3a974de1c66f8003258a4ce1605fd0adbeaacab7829deaadbb2c90f104a0a1fef2eb118dc2ab1

Download Submit
/data/data/app.EasyLogger/files/gaClientId

Filesize
36B

MD5
d90cbd27657c5b3c2b260fbb3b224c78

SHA1
724b3e784190b39f9b6b4abb1294db39ec6f2d6b

SHA256
c1269e4bf758c9d694200ed069e45569574ce70f893a6fe8a6990e2c6c1136fc

SHA512
142344e4178b9689daad785836cc5075e8deda01baf72bd7fe8f29ea3f437ba49ffab75bbfa36b6bf0dc784e1d257fee6a211baca096d0cce42c74a0d488b32f

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
89b3f7287f402f907ec494520f21f0b9

SHA1
b3214d3f76057d4315cc558a1d97a60ada6cdf04

SHA256
f4f1e87ee6c3a9558b77082246dcfd173e41a9892bd70074244b93666731f52d

SHA512
cfba7ec7b85a8db1c7404e7a7de52cba4929e9434fb0e931502f5f13ce60e7aa53dca8700ac4ca7d335adc4ccaf4715047c7c2d3c147ede8e1ea3b4fdb9a431c

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
cf1f6503419d880d6951016d6567072c

SHA1
c1d4895a63c322ee8dc313d28d0c59846451a0e3

SHA256
e75a0d892977cd742636f5f601b2756c9847944da7976afd4c7049e3b5356271

SHA512
e72d2982d80fd6fe0b3d8746ba829fd2d9106c36468bde78fab59db45d24103c49da1c4acc4378976d96624b05e52b0a88b21f77dcdaa2a5437ce41f4047e26e

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
457b7a2cba32e8462cdf88909e92743b

SHA1
06d9f08729f57994c9c5ca30651eb1f90d16431d

SHA256
2c7ef170a1c2b126c88aa9aa1aa113b226b408a0258d4b7defb2a4a68bfc61e9

SHA512
32ed8c28faa89b28778084f2a1411ab448b5b5f64ad340727cae465279cf334093757203b5a6ab3590ea1c228b7f21478a113d1cd5bfba3ec74b3be40f4d34ce

Download Submit