easylogger | 798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae

Analysis

max time kernel
49s
max time network
151s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
02-05-2024 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Size

5.8MB
MD5

1398c9c6999be6f56f2364ec680f8557
SHA1

396c173b4c084afc3a2c89044ffa42a3f0e4dad4
SHA256

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
SHA512

49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
SSDEEP

98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A

Score

10^/10

easylogger banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

EasyLogger
EasyLogger is an Android stalkerware.
trojan infostealer spyware easylogger
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

T1418.001
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
evasion discovery

T1633.001

T1426

Processes:

app.EasyLogger

description ioc process

File opened for read /proc/meminfo app.EasyLogger
Reads the content of the SMS messages. 1 TTPs 1 IoCs
collection

T1636.004

Processes:

app.EasyLogger

description ioc process

URI accessed for read content://sms/ app.EasyLogger
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

app.EasyLogger

description ioc process

Framework service call android.app.IActivityManager.registerReceiver app.EasyLogger
Acquires the wake lock 1 IoCs

Processes:

app.EasyLogger

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock app.EasyLogger
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

app.EasyLogger

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo app.EasyLogger
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

T1422
Checks the presence of a debugger
evasion

description	ioc	process
File opened for read	/proc/meminfo	app.EasyLogger

description	ioc	process
URI accessed for read	content://sms/	app.EasyLogger

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	app.EasyLogger

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.EasyLogger

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.EasyLogger

app.EasyLogger
1⤵
- Checks memory information
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4191

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492
Filesize
1KB

MD5
c2317ec00002fd8322965f6ac271f84e

SHA1
1cdbd60cf816be72924744ec54cb3de309a16950

SHA256
57ebf3586e60ec0d6a4102849067423fa64cd1ca8404ad8850ad4fbce5f62c4c

SHA512
bb7af35bfb17f871b2e25ebe3be8195acd5926058f454100175d6471cb3d234cd5e462ca72b1edb48ea46360387dd110872ece47bceca0c300a9bf81dc932b1f

Download Submit
/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492
Filesize
1KB

MD5
41042dc9d093c22e9a7cd269849a3220

SHA1
5b3eae6e4d89b583aac6c101eff499b54279f050

SHA256
dbe2c644cdf386fd0a921137f8d54558b93f91fcc9512d1e4cc29fab2b4c4eb2

SHA512
5b5b33e3f355cedc80f6cc75ac2cc0c679e035a2a22a8b7c81c6cfd0f8143fdc880cd2aa841abed34fa3471f06d92e1cda2a9b750f0f199df1a677516073b41d

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db
Filesize
76KB

MD5
247a9a1ab8a9d50b768aea16f443ee52

SHA1
1b8ef45ad7df4db30e70051835585e526f7fe488

SHA256
6c414fa302b351eb7df14144c5c36a7ddd181615cb540f012ff67005837c9796

SHA512
6285e17579d1253b10f20e00f40aa8432e58a0e7b0b080c7ed52eafabae8f339f250897164409d1bc6512359557545998042fe41fca2e7b4ead85ab26918663f

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-journal
Filesize
512B

MD5
3b0f564801567c1f08b7725f83b1c51d

SHA1
943f9a2d726985f98f7e3f821d030892f8f2e7b3

SHA256
f6a8078e14754281a0d5db3ae5272023465fe19ea9d0c85183e1597e46a00f5f

SHA512
9919c82bc891358bffb6a1c77cdc0ec6ae543c38593527a51310052391c0fe7dafe3eea871d9e30faaff96e5687c59eae67a0ab2eb3c9c10098d4842077a9e6e

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-wal
Filesize
140KB

MD5
1f4bf15485a39b85e30b593d1a12f0ac

SHA1
46694964c7d78fa81617b79b0f14286d831bc0dd

SHA256
a3f63e3d87036f06676b6a9b82e9dfb7be53df8609bb1b35b41da500da330995

SHA512
d1cbdf54bd87dea2c86c115fc39447ec5a21a1c65f302ff23b7727870d7f12057d20e5be0c6e85153794195c77e606833b327d43f4403be774aa59ea6750925e

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events
Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
3dc5362912842a3c0b9ee68762c4f69a

SHA1
dc4a0fa2e3fe962b32239947747b1f8c57c8aba2

SHA256
24e948d6022bc441d92445fba532e6ed94a8aa5a4a5bed6fbf21f7dfa5320771

SHA512
91776ce75c39eb483ea100e3a3d5e081e9892e3cbc5e5117bc080e7ed59c1144d59062df39e71f19a6508c8ac7c042f35255d277116477f3a1d91669703a4c86

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-shm
Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-wal
Filesize
52KB

MD5
9d063361487bd270993cf30d97bca059

SHA1
cfbb72309f8ac7a61a6c7035a5cd502a61885d98

SHA256
a441751716d89639622008f3b107535aaaf3528f1f59bc436b2cb111ceee7a19

SHA512
7563d1e19fcd1298154456e2a4c718437264a559dc5f28b17e2efaa5041636db0be84373432b50a3ea19ce2b3d6dfcd3441012abad2ba416a2892a2dd437807e

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal
Filesize
512B

MD5
b5c61870b6171a3ea451c6ccd6bbc50c

SHA1
1327d3fe22bb24515f9b8f470cd6caf1ba6a6116

SHA256
855ffe88bc783ed45cfc1c58fc995f68803d1f024c6fbfbc99b25275b4005475

SHA512
3d786e93ba22588fc5712e29a21276c81b4b7969d345d6f2b929be4c035cc29d6f2adcb27d42327e2ff6ae738e12f49ed9f7358adf403b3205d3c563ada38199

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-wal
Filesize
68KB

MD5
cc7d867e7c869ac25fd438bd62b5bc87

SHA1
a54282621ae0c58964c4a89c6a9a3b3c359a9403

SHA256
af75f60cb807d700898d4e7c44b9b00f759108089831de9dd49cfd8472aa13b4

SHA512
a0cba6a2186afd21ceeb19a24893d00a242b20bec4b80f18966dc7387795b81d0ba155093231f05ac0f10a6af69a5e2cd628429db7cd5813f7b81ccebfb6c5b8

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db
Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db
Filesize
16KB

MD5
502c4af3f3a87282515228f6d223d8da

SHA1
3bcf14e446c93a57dfdca37450e0a241752a7a64

SHA256
634db97c48d7b3fcedba34d0278b147751b98bfbf6d84a846b98747cc16999d4

SHA512
cc4f1da928246d55c19893e48c2714ee893aab07103d2efc8db47971292d0e3412f4cc2d96da49ec1ba6116ed14600fb701fce8e014033b826610b203744f41a

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db
Filesize
16KB

MD5
e6d61d3671f0e422099fa47588ddaaf2

SHA1
05ee35cb1ba917e232ec8ff8e76b83d819babf5a

SHA256
ac835df483eb04c776136c1160e45f969d6e4c740ecc2d27ed883dbaf4c74422

SHA512
058ce99de19d97a5652933024b747cba641898d1e719ad7f2730268b9af0f4e3c31a5499b3ab3170d40d54bb71970d2f78f7a85529d5f0585e0cc8a6e556d718

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db
Filesize
16KB

MD5
6ba5f4b7aca5a8e58cb19752e9304ad3

SHA1
85087d12dfb8fe3e2962cd033189bd31498293fe

SHA256
a8bef8249735b1c52c73c14a7182aabb23cfdd26ba4984fc7181bbbf6ad63262

SHA512
2509c7be7c284450eff521b7fbaef75eae2e7f63b97832f44d970b42879edc0d449acb15ef299c1fbf5886a602eed7bb656175f4691c85767925d0549c07591d

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db
Filesize
16KB

MD5
bb1d4a19351d20c8738e4a9d8067a6ae

SHA1
4087678856dbb5a78e169485d495ff0d4f0d1c5a

SHA256
aa1589117b2ce922612b0dbc96264095a6f20907aa77e10c3dc8160e70f9bf46

SHA512
f8af2b45cf2dae8d1fd2b479e8a3a1c0f1d1ae00748b16910ba71f64283acd5372f5320f680804da4bff99c8ba4b0cec504a008ae167c3b3bc6d8e3abc44c949

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db
Filesize
16KB

MD5
ade57a9892c105eb146676b760e41e1a

SHA1
4ae761adbe22de8b6979c1e3b6f9129ab8ff2c11

SHA256
273783621ede4e3a64953b0f7bf0d9fc8ea1d76a0d3d822f94f568a1d9a36eb6

SHA512
aeaf10d02cc568f8f5a09a713bbfd0ebe83d7fd2f66903bc8a64e75ff83d9e438fb937c2f76b5424e540b10f6260ca29477d8eb7370f35cb3ba74ddf7892d8fc

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal
Filesize
512B

MD5
63803fd60b80e85acde82a38e8d8f26e

SHA1
99e883be4b072b7d397eb4d09ac7d333060bbd3f

SHA256
14ba55d68ca693fea7dcef55b9146485b6533c4d66f676c0b88ee251e764432d

SHA512
0e161ebdf7d22b8394617eb25e606e4d55f5bb5487f2075334e080f1d12b6c21aa993cbf8a3290f58f9b2b2dda2557f3ba2bdf103c438453812d55dd5994744a

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal
Filesize
36KB

MD5
b263770918de04a01d886cd3fabb9c75

SHA1
91908f7030b212179918f0dd2d8cbcf6a88fa752

SHA256
b933873516916fe0741c66a72a2a42eaf37a3a4a3a4a55b73ef0bfe2f26b7f8b

SHA512
83d4d36bb35ae8f50dbb1d42ed1ed82a879dfc5c5cc54ba10af3d01a67906412c6528e11e6b687c946c5ab32efa109de876a8f295116aef8fd0b9b01ae03f7d0

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
d0b991b7bec4ee18382c1d8ee922204a

SHA1
57889567fca9b42be76f47cf6f5eb12c1271e7ce

SHA256
f9ef16559e5cdd441c9897604d735c503cc0135d98bea1794e49f30710dc85a3

SHA512
ea9d413e594571b391377221daf4379ea0751262ad21c007a001ab068e99174194f1b443fc44cb0834904db2dc4c4dcb0f43497ddc8f4eaace8f24002aba4f9e

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
3faf8dba4990b07a0dbf22d231794356

SHA1
0cee6931b96ae0676fbdc800db3eee2d0395f3d3

SHA256
e4e085174bd63c1819b63372950d46202abfef943608a82240344586409f5829

SHA512
d930cffdfdefd63fdf19da357dabbfb89c72fc56710f86376688b735ef8630bfd11abba3eb916eca9b373be58e537c0c91278f6b66b897a1adc0977acaf095fb

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
09d37e4ad2357e836d68a48516a13635

SHA1
e1494e1385ef6636e821d0874217802fc09c89d2

SHA256
1e95f692a269e2eeca2407c29a4df1db05691c622076204555eb07d25ed6962a

SHA512
0adb39e0e06e3e02b1c5a1c85de2a5297c4cf1c03a05142a34be1a3a3a22f2f56e7beb8340ecec7f15699f0ec340ee566cc0b44e34d293871ebca4790fd3ba35

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
cc80d2ca20723b8130630966e81da12e

SHA1
e401772ba30e288c416f659e05881f1fa63af698

SHA256
1316428c27982c50c711147cbb54730952c66780b9d19718bf53ff9116590526

SHA512
684bd994e13df9d9b33d8e9626a55554ea1c04397877b33ad4f5749ebbe391a7cfdb40cf590fd0c77c99c57e9425cec86b2b4f731c99a77fdfd6e81df92bc566

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal
Filesize
4KB

MD5
b7f564ed11c97d171f84d6b5b3f630a6

SHA1
b3b261e9a588eb4aac5e9a71640bca78a54ee7fd

SHA256
a12232c98f08b05418ffbe8744ea67c3dd572bac871a549d6fa150c00cb6fe61

SHA512
6cf5daedf0d05e620d7fb1a3c7a07e40b4fe8dfd35fca14d58bab45d93fe8c3e1df13f15dc4d034e10ac5235cd2d7a20405cfa9be01e9e1593c3d63c5b872431

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json
Filesize
710B

MD5
4feb9622685550f069da2821c23a1b3d

SHA1
818253e7d0c71c7490a49ffcc141b5932f9a1a4a

SHA256
40f8587ce23a0b7d850752b33e82003d7cbc907075cc53312928e0f1cf3eff08

SHA512
7bd11197a4f84c2d589682875f54db4316048151fd3297d1309e1dc63cf0916500f1afd91a7acb07f25e1522dc29110d30b99b2ba474aeb4b8b4913b0f34ec20

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-6632F61B01020001105F591BCF1793E1.temp
Filesize
438B

MD5
2e3619fe60cb3e74abcd4fb72309abbf

SHA1
e62cd33f721f349399d51c12a8aeae5a969fbe8b

SHA256
f9d5e30ea42d5714eb6baced23053b1dc5e45083217952efe10377fe5b7fc7db

SHA512
b7c1683e4ec06a2bfc95bad7a33d52727fe10a186a3aab3eee8dc69b32598831410c6ba1c4faa6f85e242d3597a5995ef73a5551379a460b5f51902306252558

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-6632F61B01020001105F591BCF1793E1.temp.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/6632F61B01020001105F591BCF1793E1/report
Filesize
732B

MD5
d4ac70ffc82c0e818c89502af54ebd4c

SHA1
bb9472207af9bf925d727870287c1bb618065fac

SHA256
893af5c60940149fa306187e591a95f9936960d0e934ceee31dfcd544538a6c9

SHA512
611f6ad0dfc4e9072e63e0e78f098f3ed8e747cf6290661f06a946dc5764daef2d864d6e1876ea6637847dfe7e07052d4eb353a91a9ac4d5613091dbf6f8ee95

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation5662471706601687593tmp
Filesize
562B

MD5
99a7226e51c9fc613f8b02350894cde7

SHA1
19ec8a618980769813456797166670e48a631d45

SHA256
af181aaaa273f583d9b35fa10a798020445d1d704956c446efeeaa617b635c12

SHA512
b5f753e42c90a4aef515b4ec9c242a424631c69f21a124b55e61b54545a6aa408fc536544bf22fa20371611f966370615f4b676e43a7e598009b574162603fd7

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation6360399578450379631tmp
Filesize
90B

MD5
67191d41bc6893abd65ab32a42cbaf2a

SHA1
c433391ae902b727ff336667f69257a644b9611e

SHA256
1683deaeb782efcb22d1aa777a25636105e99ef76862b370539aea99af82f19d

SHA512
95eef1671b8bed06be61054392d0eefb13c48a5a6c61cb91fb3b6460c2d2afed2bda1cb94798797a28c2783a2fa5d25216202be289619364390fb561927d0c9f

Download Submit
/data/data/app.EasyLogger/files/gaClientId
Filesize
36B

MD5
9220a3fedd2c7bd13812aed45b331c09

SHA1
70dc0c85455a09e358945732122575e7a347199b

SHA256
a24b1cc815173cdd33667b8880dd0c7d0b27f6a587cd34ea1ecb8cb314fa20bb

SHA512
1e0611de67df90565b81197321fce55a1a0c5f075b32bfe60493cba99e9a0a2c30f591c3a8224a9408767edd1ccbbc3414c6f0043337d8da5fb22f7d352f4ebc

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-journal
Filesize
512B

MD5
ffe7f185963147d8fdd9a5bd270bc04b

SHA1
7d08ee512d5b62af0050caf0f86987ddf8da7d8e

SHA256
df7b0623094eac38c526f9e589b1a64fe5679a6b9c5c7aeb60e0b4d4f6eee508

SHA512
2149d31301dbd6113caad86156c46f5ef299e93839dfbaa95b2b3dadf6104bd3ed05761a5a9950a52ccfa184ea4926da3d8c2f454cdd21422e450b31fc611481

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal
Filesize
16KB

MD5
697c722ad9f9ee806bf1255e3056c1a1

SHA1
4c1aec233d41f86aa094efd00439085cabd2e807

SHA256
c6d0096e47b74ab3ab5b35df77709dbda5800498c8ce5a1b767658feb5191a04

SHA512
526716d14d5ba057eea779e29b43ea05edba56819b1810a70d72d5aa52e337a8b8a5a2813746da07e4ed076b61d2f6a8e79ec7e8089eac6022c57c0e937d0364

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal
Filesize
108KB

MD5
7aa6009e2ccc7ab4928c6318b5b74563

SHA1
513cbc0d9028534262e098f831f44505ab8e9a31

SHA256
14231197a17dba189af9285f7fa4e22c2584efe5733a808f914a0269d6b015fc

SHA512
f7b75ab1a70c14c5d12c156ac222a4e2ade8fb85d32f5f1f3bb5bcbbc163d2da0b536f339c20bed9602fd50bccda8ec84f7397bd2485b0565a24c6f4940d5fd7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads