easylogger | 798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae

Analysis

max time kernel
48s
max time network
147s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
08-05-2024 01:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Size

5.8MB
MD5

1398c9c6999be6f56f2364ec680f8557
SHA1

396c173b4c084afc3a2c89044ffa42a3f0e4dad4
SHA256

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
SHA512

49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
SSDEEP

98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A

Score

10^/10

easylogger banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

EasyLogger
EasyLogger is an Android stalkerware.
trojan infostealer spyware easylogger
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	app.EasyLogger

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	app.EasyLogger

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	app.EasyLogger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.EasyLogger

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.EasyLogger

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

app.EasyLogger
1⤵
- Checks memory information
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4235

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
0368d547960c66ad75271fcd2b5007d5

SHA1
20daabf4d4048194804b5e2eaabf28e0db28b51e

SHA256
d89b00e0327664d961999f25db08f2dc20d05ae2add9ab0ef333c949a39b68e6

SHA512
88e8461071f0a3b0e115fcd410c89725edfd42b6f4f0ecd36d2d00dca6dd70c66decc6c0d7a12da2fce3a82c0f40e78c9c94f0025196916880b9c0f8a2143d1c

Download Submit
/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
ef90b7e6b8dac57a4826ba4a984eaf61

SHA1
5d023da2cc885bf4999afd368a86916d6a6dc600

SHA256
f4439bd5b49171f97cbd272980b818943eb816cf281bf573dd7ddd2247c26982

SHA512
7f6cf514841e0a9ee90425aa24eefc99a373f73fd848413e468fc4803d30969a2f1b5dba5776af3fcc57ff0f76c03a16746dbbc537519325c0bac59073cc3791

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db

Filesize
76KB

MD5
247a9a1ab8a9d50b768aea16f443ee52

SHA1
1b8ef45ad7df4db30e70051835585e526f7fe488

SHA256
6c414fa302b351eb7df14144c5c36a7ddd181615cb540f012ff67005837c9796

SHA512
6285e17579d1253b10f20e00f40aa8432e58a0e7b0b080c7ed52eafabae8f339f250897164409d1bc6512359557545998042fe41fca2e7b4ead85ab26918663f

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-journal

Filesize
512B

MD5
10c9f9968edc269e3aedd29cdd9c8179

SHA1
844ed3df4b010295dcc851d00f7e1fd0c85bec69

SHA256
af82eafddbbb19279c87d19ded334344f837ef0703304f12e8197db3e083eaeb

SHA512
0ad0bd82208359e3df8647baa71803d839fc9b33252a0f915cda99e959c3616f31e699c397be76e24023b7f6c7f5e623ad5ca50e1a1af6a4b50aa9e4b142eece

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-wal

Filesize
140KB

MD5
4c1775a9329b6e1833436ff21255bc6c

SHA1
daab090c7e900f882f9e08f3ceab1998f43552cb

SHA256
ef163a93f292535401030867c33e79421e92e0b46b990f0debcb4e761b4124f3

SHA512
3b89173c020b34d0b99937bda67faa8fb9edddf31f17b9429d79e90b0f0e22e6293bd934394a6a8fc47d22dfb86a6d8221c5c34af33275d8af1ac28ba2ccd622

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
691ae1512c2f2234b634f938bfc2875f

SHA1
3e323abd6f0afcf13aa418d3b2f804758efbcffa

SHA256
d05a53a0027a3bc53b72cf215e91e19fc8795b21d320832109d5ce92e631334c

SHA512
d6899535e7defb085aa4bffe3368e4d1505b58b214a86811ac0f3e884a484da27bcfdf39b4d0257103bb7cc573da76cedff914381ddc595cd04e94c22ff1c49c

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
dcf254e95afc5ff9950072b842331991

SHA1
4fec89efaad3328b195097d1cf5fe8df429bdff0

SHA256
843cbe67ff6b226fa8504e0e1e79cd110f9cf4f94fc0c59776c09815b5ef1487

SHA512
26a9033b16c0763f5539d80441f08b182a70bdc1f5472cccc8a0f015d1077f2b2bd20f38adec9be107cc25d24cf663173bbd6d87720b0aca8f2f04ea403e5fa8

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
ba570eb13a6ba1bcaf03ec2380b3bae1

SHA1
ffbcccc3d00be93c347eaff7f5ded54f5512583f

SHA256
1c91df4577ce3056bb6d8c8cdc047f7b5e55426991a22985472245e3cc88469e

SHA512
241e086bbf10ff9231e59d74cda332f453d17d9a3c34ad5a3288d045cbf545325f0751b5e18b755334bd5ce83fcab64af7b1029e5049157c61e14fc9a8790e81

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-wal

Filesize
68KB

MD5
ad2509567908ffa89ff0c729e5997fd2

SHA1
066c9543e91a2e1ec8f971659d981b6916b328a3

SHA256
8ec7aa6d8d15f39fff33f66c3cf032e70243571d00bb4d693d4cc4b1af59a879

SHA512
496e1e8f95fa20ef0f7d9f9ae909d68b1bc6443ad39ffe28f4e544c22d885f0b58e9e5469be140130d1323e7b2156618ca8b21a15d9fd81b0c91d5c7a0b9d392

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
edb4becee45d8bea235868891b2786b2

SHA1
f0c01a9a95a626ba7e2d95d71e5ec671778191f9

SHA256
fe6991f111aa9114ea2c64403a3e87ea75e6f08f2f992914a5b28f3be98b6f80

SHA512
dfd6fe1b7e47fa1042526e7f3441a93acd4244edf3f599ecd87065083a64bbcc92eb7c5b72bcc2741e0303b8f080642434562b31f15e83e81fa03880a974a787

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
57992310fe13a1219fbe5a827eb4935e

SHA1
8ef2322cf1c6c0efe6e523179145d67291da79c2

SHA256
24bf65036454323ffba3598f840c1447b3fa3683623bc15f7c11c47f632cb221

SHA512
4f463501c0bfe15402812d3a6629873ae95a7bc9c232865a576b825fabb76a755da80fbd4fa912557a55bc00d408139e59e6562cf3c7fe91f62a06ea034fa86a

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
14d5d0138a6fa8eb1ba92713e7dafa53

SHA1
0b9c7ef6f930ec01efea7328f59b90d370d76cd9

SHA256
2b94cd369c10af93e682f1850a90e843fb28ac994244e4fe66ac2a2596b18591

SHA512
782cd4c3449ca648f114747c1dfe1d6300f2a68e2ead7560a808453dc60e79e8e49b57c9fd2c3484e855085d3ad707e648e3a68b9e2d4edf459e2263e3fe46bc

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
e49bf795a7785d46a05fc4ed5d8a0174

SHA1
c7d17f500b4c5e56d9f7a57a8f0a14f88bd07223

SHA256
6786d92bcab681f5f435b45c54cae211b321e7ac07d499a8de1071fdf699d214

SHA512
0397249860af793ca2af4bcc63290f82fe201058559220c6e5783fec22e4f10c12caf9538ee39365eceaf40bfbf2dbd182cd4a40e4a8983c2f49079fb345bca3

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ade57a9892c105eb146676b760e41e1a

SHA1
4ae761adbe22de8b6979c1e3b6f9129ab8ff2c11

SHA256
273783621ede4e3a64953b0f7bf0d9fc8ea1d76a0d3d822f94f568a1d9a36eb6

SHA512
aeaf10d02cc568f8f5a09a713bbfd0ebe83d7fd2f66903bc8a64e75ff83d9e438fb937c2f76b5424e540b10f6260ca29477d8eb7370f35cb3ba74ddf7892d8fc

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
3176ec4df9cd257a7dfa038b7cfa52a2

SHA1
ec3f83a9875b3311a1c1e68d0043dc3843275c68

SHA256
2a95f2418d55f222054beaba2378471e762ce6490a8a93cfd84c76e0793c4a3b

SHA512
d8abab3eb50136d6857dd573db4c8d62448f67a2db29be0acdb3ba87dd8d2f57cd9f841f668837678332635fbd581d8d42dc11a11a9513f657c1332be10ca829

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
c7959868b119a2bc6dc9247ab2e551d1

SHA1
b051963ed37e407b0619a7a2121a69d278f33a6f

SHA256
8980282532b072ea26e4575abec4b8845e8eeeacbedc7f9f8decb7396e9fb0a5

SHA512
1ce98fb7669e7628cbd3f0abcd3e6e0c020dfb6e20259e225886556c5641f9c4e25af706d1e10a17c618d0a20d65943a39a78d48fa678082862aea7ea8a4c527

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
0f939a46ac2631a7fa459d49d86df2a9

SHA1
c068c1148ec1f57d8fa4882b47c051087d6177ba

SHA256
b09e586d17d71d2a0305d8775cbf7f85a470820d66335b18eaeddd87e22eba4c

SHA512
d53feb668c62af7003fc4341fd5aca6c1bce3a34e5a3633f1664558e8880e9616a5612e628bd9369a92529eba7dc7b3a7accf3c81d76fe993d063b4df7859f01

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
659048c71f466103262ab2c8a14fbfec

SHA1
43f7ab4232d401fbd156d6f240e30fbfe0351cb3

SHA256
a36139680babc8108225df4522c399282fb465071d431ce3d07208bc2b2baab2

SHA512
2fd77e512a7cbf2a3e4defc2b5454899580b38f0516584be717c143a4f76c9b3c65d9e2daebcdd46e04a4819bc6909528ce94fd0d01cc271bc21b2f6b1009c6a

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
b49fa016288832e5532d9c0512d9c88a

SHA1
5816454163acbea4347adabccf6db9ff46800e41

SHA256
916e31e33068fd4d22f21f53060e35cea88c944f70a89f05eb26f2dd4a2194ec

SHA512
f93175e44d1f85024cc30946b3d246075aa1eda4e2bdee6c49c8e5d68b1c0cf2080aa377a66f7a9ade5b77d3e82bd1f50deffbd75e39e7f53348adea03a75110

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
4ca717d780feea3f99d1cf7866593087

SHA1
c22c2705d91e23bfb171484e60ff588f69fb2c02

SHA256
5b8383c0a396d2a13c7e56cd9922de96ef8f1af47a32dd79d463c444f3683da9

SHA512
9af8decd3ac1fb570bf6249eb2de4311d74a007a386cabdd71b5234ad09ce7cf546e1bf110ce8b14f3dc75e5449663d73d99b7b88cfdf16d1da023cf3e3aa612

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
03f4be33b4c6a0a0de9ba9c0335c4e08

SHA1
f93a8126235adbac0fe7b531324f895f8c9330ca

SHA256
0bf29b756dd2c90ea1794b4917ad6605a498143e236a6e17d1117cff09667036

SHA512
bc2d0043bad4247bc41f9ea499ba726b32ac453e6c59f8c27d723f6c6f30d5ebdb6815ae8f726e8eb64189e83e6d8c90caef8344eb853966f75b9b574e30d260

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
710B

MD5
dca5129a817cf9e166ed58b6df580d9d

SHA1
161d75d4147831ec2ef0ec119df2b4ba264b409b

SHA256
c0b8e3208d936e73b663089ccc2b2c607e941ff6109880db48949631a58d7d53

SHA512
ae04bf343f5ef6b9b09a597089d9b66bf072583205e5089f83360eb94b9c9230a1d5cdeeeabda93e3098b45096cef0789ccfb9fde3c70474a6f355c4f05eccf1

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-663AD9C902200001108B1F159CA5DF59.temp

Filesize
438B

MD5
ed500c822fa99417962cc93577c5e4c5

SHA1
3f8b80d2b877164317e7eafcca39952f170f50c8

SHA256
94f491e80f6a450bd050e2fa67bae384c995b2d3a4d4675c02c021d6e1fbea0a

SHA512
59829c6d7bd2cbf8158ef92f9dec111ff66bbbb56370fdf1bb352969a34a054ba907fd3de4c1d312c70b32cd84212c8efb34f046b8a8db6262cff9ade5d2009d

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-663AD9C902200001108B1F159CA5DF59.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/663AD9C902200001108B1F159CA5DF59/report

Filesize
732B

MD5
9b74c4b98510a57c7f990343904ebcc9

SHA1
7b55697f9c70d403bb1c6899d1274b5d760d35e0

SHA256
114fbb6376cf1a871541c68b6f3c5a0fefdd6a0fe601c2302be4c07aa183dc53

SHA512
86989bdce1a171c1dca274a7ed6600e015552a34dc47f50022e2dc4eace16959d2498665525a62c3dad5d978cdb594fd6bdf19c3679693ec3d897986dc70d07d

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation5743790730315419956tmp

Filesize
90B

MD5
9d912db5b01344c7908a5e9a2472fde4

SHA1
d2b6a0a7b8bdeda74c638a3d60077b8b7e301f92

SHA256
97058304daf67eb39053fe67255ca9f7a040eea2aec9996a991f867d331d217b

SHA512
3e165d2c051575f4b462c683135d86d4110af2cb656a7bca5493797bc8a76c57da9bb6fd7c195053bb8b7a8f0dea74dff9b01656104bf0cab244d8269aea717f

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation9116804714394458292tmp

Filesize
565B

MD5
68d6d9a11a3c83f8fbc0e1ea6826fb71

SHA1
2ad6e21fe884be7ce4b69608701fd5d344bee75d

SHA256
46d4a04f1f73f273a20859d5c5e3d27483ffff239e4b8a779219640366a224b1

SHA512
e094fc93590df76d8a034e0d1d7437ea8a60b33ebe2abeb13105085873bbab8c48900769b06fa0156b2282dd4591b0ac1f11e94ae8b170af78b8976b20af8acf

Download Submit
/data/data/app.EasyLogger/files/gaClientId

Filesize
36B

MD5
b3a1ad9da04ec59a091f76a32e82d97e

SHA1
4c18467a028b6f0c8e5ecb75409578d0829d50e8

SHA256
f6c4dcf0e239d0deb30ac9c90c47947201c8a4b2010e8e31dfe93228b5d28bd0

SHA512
c1088368a6aa6ab8a7baff56b74dbbf4ef859312b6e5ae8643ce1e50dcc5d176113dff27296a8bed77b892844172a8b157207c860ce1856c86cebcdcb34c84d2

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
7ce5750c196a42657b4dbe67afb44426

SHA1
cb063216f88331c65db9ce669a1651ac7055bd46

SHA256
a39e07c364a1a70620f16768c6ff98df43174f44397f9c4e1f5bb172a296bb38

SHA512
1ef6eb7c570e03efd9ca1de1bfd1a7afbf855653f10ca1206ed833858ea92f9c80fb9c5268a8c7a197aacc13f5332783700457c9a4d984bf9f2338c758907b0f

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
d139eabc83bd32a3bd6609824022efa7

SHA1
f1072caa7a9b5cb1428ecb0521714b4d55a999ee

SHA256
a76d84addca3e326649fa96ae5ea1ae56a24da8d9caee185bbef255b5bbba529

SHA512
dc36d2160fca3f38983318f826298740378c80f88b8d8bc069842bc320db0bc3174c6d35209bc030d7bd05b2ceb3d70915106b01fc7635fcf91a2bc530ccdda5

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
06a2faf785d043f23e2ea280e6ce8c6b

SHA1
f7b466e9f884c0c2fef1bfeeea072e9d9a8f6fb1

SHA256
952be0570136f814db4b8f2040a6acc84bf3b66825172b898f0f5adbf40709d4

SHA512
920cdc6d4e3559528accb65784f716bdc26379bbc911cdb13bf3cc865d22cdac969c47f17d472972c2ba1eba501ecf5d2848a50844e9a277324774ffd466f839

Download Submit