easylogger | 798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae

Analysis

max time kernel
48s
max time network
141s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
03-05-2024 01:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Size

5.8MB
MD5

1398c9c6999be6f56f2364ec680f8557
SHA1

396c173b4c084afc3a2c89044ffa42a3f0e4dad4
SHA256

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
SHA512

49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
SSDEEP

98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A

Score

10^/10

easylogger banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

EasyLogger
EasyLogger is an Android stalkerware.
trojan infostealer spyware easylogger
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	app.EasyLogger

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	app.EasyLogger

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	app.EasyLogger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.EasyLogger

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.EasyLogger

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

app.EasyLogger
1⤵
- Checks memory information
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4267

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
7b66bd2856bf9f4af8633510b9dcd590

SHA1
c0dbca62d2992b3126b63f206023fc04735be923

SHA256
1987bf4ec0ef5b60ce55196c96540a4ead4f252bb8f49cf48b198f0f8da81d72

SHA512
b7bce507882107a29b9f5a2a460ce10dfcb2e79075dd726e944416a253944104d8d884107f130e2a5bc73f2d59feaf2dc11462dda5f57cf9a42782a5bd59dc3d

Download Submit
/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
5eca44ef208f3ba86be798ef5190bd12

SHA1
62a8d6760a83760c5ea80a7c9848bef5996ede3d

SHA256
50153efbc9093cb6dd63d01ca932d2c4b6b1d7b11a65d89b3619dc620ed3cf43

SHA512
fcc0e535e436c1081b480869f229513e2036dfa054595b420918420bed9f72339cf21fe93b76c2ab7b9a98c6a85aa3239d53545e8fad739eadb51ded49b88c4b

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db

Filesize
76KB

MD5
247a9a1ab8a9d50b768aea16f443ee52

SHA1
1b8ef45ad7df4db30e70051835585e526f7fe488

SHA256
6c414fa302b351eb7df14144c5c36a7ddd181615cb540f012ff67005837c9796

SHA512
6285e17579d1253b10f20e00f40aa8432e58a0e7b0b080c7ed52eafabae8f339f250897164409d1bc6512359557545998042fe41fca2e7b4ead85ab26918663f

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-journal

Filesize
512B

MD5
14f14a79a66bf2784a059fc78cca6e1c

SHA1
645b1a676165870f571ab41755959c3b2d09fff9

SHA256
06b2b6c07c610d948e0efd6ed3ad82f6efd3c1b242afa732481eb00a81c18ae5

SHA512
8f285fd896b62abb9a6e241084f4d463a67803282c47dd1107d04af17fd45d3661abaf319fc434396c000eda1d9f84319ce3b72ad213a835d26ef19a448016f5

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-wal

Filesize
140KB

MD5
2a76ed84d5a513f40868618644df8ec6

SHA1
262393bbee0bbcb9558c2c79f418f6c8b63465b6

SHA256
70696c72726eba069807bb3395ded0d0fb2f615b043fcab4b5a60852c23384cd

SHA512
f35c70386eda784db4771ac454127d604837abcd0a9f58f00271bd0bfa6fdaebb442466a1ed820b88ccebd81e581caf2682d660d85b2b45f53d48e0a865a493c

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
1e14021f3b6d6d61399e6d45ba977a62

SHA1
31d2bd91bc0ef8ff556b3820f413c285a18c4613

SHA256
46d92df0e74eb4a9366781a0101ca97d5b1cae2918000dc359d5cb34fa34cad3

SHA512
7eaddba65df3c8f0ab7872e1b7c1d88308fe19d16a4a767a9b0a6923ea18f3cff9d54fe98cb3075a7619c1836e05032562b960ad6b47352fe2358458cf1fc9d1

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
bc030a30c98097beb50f247d3ed0f229

SHA1
7fe0169649b583ecdb9beda8612a5b77cbd21c94

SHA256
38edabad6a6fc60f6b62d80f98c2002228aec2c09389a416aff48efdaf46998a

SHA512
27a5e554ca7759e8dc1c7831315d32e56acb868cd72e1310deddd35bf08d28e05673c1c948377c22eeecae27d7516b0f5b717056e27dd4c954c2dbe1dfc2ad47

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
999d701c9ca2237d5da9dd7e15fc217b

SHA1
f7c93c64c14a01e5210443b9ea1aff6ef2224652

SHA256
987b97fb16959dfdd62098b5a0924620e271d8caa520d458c16ecd951e1a0608

SHA512
6b837b269e77032064b1f555af610c5ea5dca74010d7dbb9bfc6c9041ed245b4226cbed0823ed0022593a6000d9dafa1b2d9c17173c89cb2f8b79a9576bed911

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-wal

Filesize
68KB

MD5
2f98033694da84cdc4c7bfd125d37392

SHA1
bab89a82e0dfc2ea48f54c65862c962d8da0e492

SHA256
402199a2ff113abca28a2b2c984116ce7a08432f37d5ebb29cd41109e576273f

SHA512
9192946b0bb8ae4d5ecf8799baa57bf40de89223fcc3701911e9b0a47c47de3288d5eeefd234c6aab039bea34037f1aabdc1f46845dbf92c85041b9fc791e614

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9af93b7e80ac4251902060eb6e7a65f3

SHA1
32f89143d6d2b22605f7d45fbc2483e98bba93f2

SHA256
00a9b588be66aa2306f53cece87765250a772d4bb6c62d8155768f621cbdb6f8

SHA512
f17499ec89cc5e7aa0659f36cdf2215dfe3055d0a48d736f05951c20202c60dbe9ed05d5429eeaaa520dfd46cca3caf555c25286435cb2d066f0eed0d9881920

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb2ec31ddd5a3161079bb46e1e120cf1

SHA1
5743eda111476ff8e12142c588385c9c473094bd

SHA256
9dae5ee09e735cc4db70ca3d651fc591aa2b23e38051fbdc82451a555d196dfd

SHA512
f2614538ae9caa25756cc73ad59ecd05758302c69062d5a8ced630c5077d7e01751c254f949b1fc09062bf6fbb1f0e86d416d54f6cc8ce5560fb51ed983b7587

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
984c7000883c5556cbf3971a7b0334ef

SHA1
fef23e41581cd75fc2eb50ccf2dbf581044cc9bf

SHA256
455eb84c6d7241e3783247d9ad4b61f00b7a16d634d738f7e5f8aa2486c6e728

SHA512
0fbee076e47e1029e277d5de78ffd62ad868e08a76c9564e8a79619ace4a2ad0c5b1f6395b351b9125c8a8bc4fe6f9fd055363acf358ae415e92b9dfe43e2a5a

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
336863fe0c1ca1e51e51de7b8ad92110

SHA1
db6909146009f3c345c8b57f52306762dc8edfef

SHA256
49219e47641f7834f4b81b202b0184bd778061f0a3bc216438919d7af5dcd7da

SHA512
7922393c5a0397a4b41edf2d181dd9e1f481af0a34f364a559572844b5f077e166d23cd80f090dbf773d5868af399506ad7e491046cfdbded86e8f818686ead5

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
87cb9139596742358c3c3c255a7eb83d

SHA1
4c828cd7ecb820c49388be23f7044752b2a799a5

SHA256
3efa205c621cf97960f5c1b691931bf0b983ceeebbf1833b6fa0f9b1391a1593

SHA512
7edce5c507f0c3efad1c9fbc7da751a2b11de32fb23e52f21d18cea525e1172ffcdf71198884a0a5c88d84e3268d8125815fe88f78743d9a2b2fb4982a841b2a

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
55709479268c8477d9ec77de02bbd79d

SHA1
2af8fe84940fc5fb35b33aebe3eed47dcbb9eeaa

SHA256
724e854c29a7319eb47b5cf6e1dfff43ab2d77af8a55cbedb48ba1939ca8cbce

SHA512
2ed5c0ac629338e9a3b15f562ee23fecb1d9949f6420f348383d3b3600260d3cdd7a102089103b075d2675cc78d99a9a4514475bea4d1c6721c11903442d6755

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
9001a11be74d8b6b2f85cccef967bfa9

SHA1
1b5d30d10cbce54ec6e68988a7ad7e5fd3c4fb97

SHA256
ff2b413d42fb4f4b5ae402623362bf04a5061e10cc16228f5ea7c138abbb6891

SHA512
84a3c2a728952233ca66b0b20e48d85b69956ab12027d7d0eae3d1ac85093d803f29ef6c40f46885029d271bc0b38b23be75bd8775dfd2ab91ea53fe9f198ab3

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
2d2b5e810e9671ae1b02e47cfb493f44

SHA1
e45bdfb1c393ddbceb43f1d61e08ea89df6fe509

SHA256
9bcb85d30fdbf80024aabca551a971d585f1362630286dec5aea2523a45fb720

SHA512
ff7eaba6777e739860ef7b155e591b71f37cf5a0bc31bff628f869f7e42994c165721caf65aa54dc7e4f5d3b1b06671a71f841f5a192971fca492709107956c1

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
6a08c8098aaaf80352e5888003fe3262

SHA1
1c49624f8b444a73eb21c436ee15bdbe50cf27e4

SHA256
11371a74fde61db461f52a07752ac3e6c350e57fb64e63205d24589a1d314c86

SHA512
891ca1becd659b2dc15f8f4e50d4b653a2af7b800be5350bf296d132fbed27451570f7c771172d360a01fbd89e17ff114bd0a465e738d81c0622cb0a93194b4d

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e44b9fa24b1ebc0b4030bece2a898e2f

SHA1
6c5fad6338d085ca3ef499af976615ec8e951601

SHA256
cac1401c19186a347aeac425f352c54b3de9ede271e3fe1c428327b3df108379

SHA512
4e2a5ab263b28999692993ed8e4d5fe8da9c236a65f6f814c1b0d14dfc61e20b49fbed1a0adbe7328e02852e6875d9da2d56edd5a4b8097898e0b590a25d325c

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
4e2f8110e0a797e8b15b9d572cb4e419

SHA1
d6d53bc5da78be8ff4cf00038b6f0970b5ec70a5

SHA256
37ecddeb25f312cab8176621a603b3cce8a77b493b91b3dd3330ae09bb0b7657

SHA512
c1e058c98045bf335d8bb0fcdf7971adcdb7cb8c94f00adb3746672d83ae395c21e7d6d86d9e50a40596ac7871c8441945881c06d60b58e9097723e304a4b790

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
524da89446ab5774218434d60676f361

SHA1
716e4e4711946fda19db6a418486f96d74f822a1

SHA256
c1cebc1de5f1f3d2654f012300d3e2fc70b9b92af9658f23feea862e1f39fba8

SHA512
7c305ead8ca9481a1a2a9ba3e70413a976dd7e262ce8a80475f2eae28d3ff58a6085377927523f2ce24aab5cbed9a04527eaedf5035c1d20a878e92fa2adfa28

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
710B

MD5
09b848eee573a46fed6612c424bf5d04

SHA1
0dcebc993cd8e77cfb172aa1607d81c9ecef431e

SHA256
b98362147c994976d2900c4caafe0ea07f676bc815a20d7d1f495348414f1cca

SHA512
08f1e978443298ed8fd4b2a39c7848132beb8ab00b3c7e95221affe5231b8c9f2d7fc18189d8a28c380cf2b7cdf4c4eaeebd9f573083de473a7c707b3b48d580

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-663444E201A9000110AB2AE1AB29F227.temp

Filesize
434B

MD5
e91c8b11cbebb6654a7889777daea7e9

SHA1
a13337c10b4917daac907ce77dd4659a7ac6ad2f

SHA256
b349e274cbd54304cb31b45e5d3e9eb67c2a3f77e2729ecdcc8ab762f19383d2

SHA512
110cc385778f88a4394e3375791d0cb8a7bd194d2fc9edc9447182cd651e14bcd6f8d8099fdb133c35192f65a811ff626569adbf0be724fb4acf2b958aaea804

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-663444E201A9000110AB2AE1AB29F227.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/663444E201A9000110AB2AE1AB29F227/report

Filesize
732B

MD5
0a2c8d26a7322ef6e6444e828273a7ee

SHA1
6fa296dd9e09bb958c5693701e93be4cc1ecfb66

SHA256
76b7438835736c655d363dcafbe12d3ee8ea1ad6a3009df0e7fc82bdba02e0a1

SHA512
f10da60fdf80a05923c716ec2666c7740c34e711ba92affac9526c42d9f469fe4b78d6e53abe4ba462f8a111f06f6afab99aeed9d54c8267b3d16c102c3afc0d

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation4645178554062097262tmp

Filesize
90B

MD5
d8ec4c582d981b328957cf15fd24e4a3

SHA1
a36746472094b52367c99ab8a2b1001b563893a5

SHA256
3419452bf3aa6f02f0d1daefa96503751a74b9c928fad701477183662fdf6050

SHA512
da8ec3133d0cd6c2d0d3e67a5ffdcd80e4a8d117f54d2979cd1fae156b23375de5cf0cd2146b37328ef12da4614c58da8dad9cac83a834cc71ebf339937898d9

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation5130793399170676996tmp

Filesize
565B

MD5
9852a2c73d54238b3b8fe99651399280

SHA1
4635a757d3c9a3c4242627db47ba384bdd013b10

SHA256
144a96d4e80306a51f4b1e7253796d307ddf59addcdadc280227e7776e0e8ced

SHA512
bd4726a65aab55149aafa72e5ce2dd8865e93ea845ee14fb4538fa425b1c7534cc8b5b38207ff53557b63f5f12690496790b6cadf58d85d49ff937c472b0e3c2

Download Submit
/data/data/app.EasyLogger/files/gaClientId

Filesize
36B

MD5
13c6f6356826e6b0c33f7cc6644896c3

SHA1
3d3b6a48deec2dd9516b2afc55d2023772df1f5e

SHA256
e29820a8a9c2956fe2a3a423faca3ba0617eaf02c862dc59bf76a566621e70a4

SHA512
9cd19c979cb9c35896dcebe60919b4a1ab0bed1c2c5e9c26c3368d52827ad18c9512e34fea81f37a61c6cd78aac1abe855d6d68c52582a9a655979fb2fd659da

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
37e4bca174885a05ed88e742f5a3f32c

SHA1
d80eb32c9142e78d92fe190ce830e1a74c96b693

SHA256
d97c39acd3f0407ec8bac24235b15113d4116c81b215d20a634db3c0774b651e

SHA512
7d49c9b246025ba6a03b8088ca3b3b67017013362534b4a3d29a2ea873aced1551d660e57b41d2d552a4d94bde4a732ccaf694d515a42b1706d7d891df4ecfcf

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
4a8ad9723fa5f88800fd1886c2d1a83c

SHA1
8a88d22ee8e38a8fc66c7367531f61caaede23cd

SHA256
9cc965c7aeb39510f86a23d2a683bd178bed1cd718f832e89cb2a407a039d91b

SHA512
44cb2a267a1f91c66b09c675acdb45df6a7294299cebe10b033a1e3de58affae2424d1fefc425b32779d514bf4ed65596ee4ceab929be5e49da5e56c723421d6

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
2313f2f807dc1cc28c5346a536e95350

SHA1
30fb09303f31af3aafe26df9b0ad3aa7c5f64816

SHA256
95b87616a72723c23a9314104537bded7e3796226c2556e4c23df142fbe2c7ad

SHA512
2385d04ecabd2ce452b624d005a455e8c4922f474692587c1ca7d4f678009b789bd71bdb4f1b7deeeb05be6d5df898084537d28a406233fe12d910882b0a7d98

Download Submit