easylogger | 798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae

Analysis

max time kernel
47s
max time network
144s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
09/05/2024, 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Size

5.8MB
MD5

1398c9c6999be6f56f2364ec680f8557
SHA1

396c173b4c084afc3a2c89044ffa42a3f0e4dad4
SHA256

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
SHA512

49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
SSDEEP

98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A

Score

10^/10

easylogger banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

EasyLogger
EasyLogger is an Android stalkerware.
trojan infostealer spyware easylogger
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	app.EasyLogger

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	app.EasyLogger

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	app.EasyLogger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.EasyLogger

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.EasyLogger

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

app.EasyLogger
1⤵
- Checks memory information
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4237

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
0a69789deffa7ac9c66db7fefd582335

SHA1
a8558f1ff2082b0d444c4e29a8108597d42f0132

SHA256
0f173a6c44b05138ae9d070f6498b1707278cf023432be99ed66d238af255432

SHA512
a2c8194813b11e35c76b040075081826a3e0806930745bec4cf6d070f9bfd83c4e1e9d40ff7982aa87460b08345227128ba1d2783ebdd8034d4de798bd7cde06

Download Submit
/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
9bf3cf34992bf637ddef71e3d8ec2474

SHA1
8295adcfbef3c8d1a5053ac3420e89b548462b89

SHA256
1f80700d83f5101892838f11c32be9a4f455249642bf13c569594edef09bdb3a

SHA512
16b54dff1ac53631e37251e00ff1b384b0f2d45d4bcf3ab864884519e24702c84fc8b8001167048d1d578a538bfdae184c323d6f0f4666ada68efc18f1de9e47

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db

Filesize
76KB

MD5
247a9a1ab8a9d50b768aea16f443ee52

SHA1
1b8ef45ad7df4db30e70051835585e526f7fe488

SHA256
6c414fa302b351eb7df14144c5c36a7ddd181615cb540f012ff67005837c9796

SHA512
6285e17579d1253b10f20e00f40aa8432e58a0e7b0b080c7ed52eafabae8f339f250897164409d1bc6512359557545998042fe41fca2e7b4ead85ab26918663f

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-journal

Filesize
512B

MD5
9220e5f388bd5607d18768e1b4117c77

SHA1
3b4a08c883957c9cba381b411b29698313362321

SHA256
54d18e4f8173221f6cbe5ade6de5c4ad0cd8a6c5f4a80ce9d7e5386b6a908ee6

SHA512
4b62fc268dcecc40e54de76c815b3103c1b3b12c4c74fed170346684d252a1803038acc139bfae2846b8770c7ff7d72c15113f02c82b760bd5105b728f84c0f8

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-wal

Filesize
140KB

MD5
d4192e2e325376383acec0b67575fd41

SHA1
530eefaafb52345535e8a324a7305cd65ed45b63

SHA256
567a759e14df2913153ce5d1072101dde6712bfdd19c54b0515a6aca764fb1af

SHA512
68b5e31bbf1108e097689be4fb5dc2a0a064c674e85a6aff6cad01006baaa93395cbfd4b9868fcd278f8c159b5cce58d1aafa34e060f4f7266e6b03e9ba32b50

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
1a356a35c0a50242bce369e97527dde9

SHA1
ccc167f7fb9901e3246037712dc37dca23022042

SHA256
4e5e7f24b8ae667eeed75445f3fdb85b141700b0c50f3b11122b0bdb6c9975b8

SHA512
37e361dc8008288f4dfff4d5ad84e71c4bcfce41ee4a02e88d0e2b9167d4bcf75b2d5c54251bd1f43c5f9bffdae63f8addbddd0a57a0369cdac0238ad04df60e

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
3e037ed57526eee5412d48afef2f55ab

SHA1
52791a5502f0e5f1ff8af4ade4a1537971376e20

SHA256
8439562cfe915ddebe6e54708bdddfb6c95ad1a4a35d86c47dc28f8343e79663

SHA512
a35888df69000682ab7bf0b388e1f7029e60366bf9e13276395e2c3bd195c7a0a9d1bca710c61d8ec79c9de84e555c4972e2d0776b2c1286f144d932c241a12f

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
129382d6bf61f0daf477e847a1b7d7b0

SHA1
007f87ab9663cc3f7110fd1a8526ae8c454c7a2f

SHA256
af85d340ba2d7b81ad7e7722a22f3bda7463741b9ece4e98b6d04e63e00c409e

SHA512
715fb3c3701c973ef250c127b594b118f82e655542a147e61825641b788f44429e41e93c7368c9ad1d559439da69953df58ee99e43aa43476de629af0387c038

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-wal

Filesize
68KB

MD5
6cdd14e93c5b776c5dea43f89f8e8f38

SHA1
34859b443af5585fe838d272a98b2e0a59d53c65

SHA256
3c9d732ecfb70e89ee130b6c6d4b5e35a4f448b44eab2ebc6de60abcd636ab26

SHA512
c12ce4da3e3c68211609bc91c91ca219150c2c6ab736ea6c6b7abaa4c08a02f6f1ff352ebd1be6ba5be7523bd988926c669fa05f298faebb38d61eb768638af9

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
b16f893eea9415b4fa65e495b3413607

SHA1
882a048f893941e22d0f8ca6335cbb671fc24d9d

SHA256
887db9ceff2419dd1abd3469057a1f4bfeaaad5be08dc5cfdade260a31f3ab45

SHA512
b3d492aa5551a29543c37f4bf26719cf54d4ef66578cf44336ea8757c0c86da8253f96ef2aa1a7d144134176a765e2cbfb215f6688253b774cfa5ffebf220873

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
38cb934531a3e7e2b1ef7c2079a197c4

SHA1
356f3ec6ffb989002cddcaa248d6d1c571dbca5c

SHA256
3753247965d196a8718569071e57facf1d15e88feb3be6793eeba858be8f125c

SHA512
59751eb2db990153a68847d2c207c977f2e7dca4ac0333e1b2ce79d739743f6fd8826a509ff368c57907dfb93ae954177debc31e1ae3f9e220a03a0b92d78aff

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
690df811b57f48bc2db883f1cc5bcbfc

SHA1
971ddda01255beaa96b979de918a2e5fa7b052fe

SHA256
a097c633421f8341ab29a424741d137fc46b414e8dd0cfe8ccb67f85ad6d1ff9

SHA512
47339363c6759701f1b4b0af438abbcf56c5abdca93f6ba3d41ad2f4e1aeb318ec954064db2795b71b373908e38a1b33972a1ba2d8db7780cc14cf7888dd4bd0

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
aaf95d7be343cc95928af241e4ed766b

SHA1
bbe74e1b2c54c19e55a4a3f33f01fdf5803b064f

SHA256
279efccf9e3b9f3b6a0108b106287e0fb75e3532d82e30e4675842af0b899ea9

SHA512
3ed3a54ab427972b9b459268c927083cdaff91ad40ebca5ba4543b7e31ce97d8da51a00ec44d92bd76b305066cd7989373575b1ca0f9b706fb5ff1b94992f6be

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ade57a9892c105eb146676b760e41e1a

SHA1
4ae761adbe22de8b6979c1e3b6f9129ab8ff2c11

SHA256
273783621ede4e3a64953b0f7bf0d9fc8ea1d76a0d3d822f94f568a1d9a36eb6

SHA512
aeaf10d02cc568f8f5a09a713bbfd0ebe83d7fd2f66903bc8a64e75ff83d9e438fb937c2f76b5424e540b10f6260ca29477d8eb7370f35cb3ba74ddf7892d8fc

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
f5ba1b5de4b100e4b5ce049c33d08726

SHA1
5649649743b4f0c4dd77f2fc05cc11ccf07b1885

SHA256
78f6401407e0a9d434194dac5fcfb2ac23aab21ddb76b2533fef005a01bfa536

SHA512
15710ad83178de17149343dc18c9213b0e6bca36064d57510a0af6a39a314e395a64dfa88c0017b28f04c2a064456ebe643077ca2f34cf22e57444e51b19d1f5

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
fc6fa9859f7a7d1a6b3690a10557bd41

SHA1
30084890794b6e502f537618c81df303729fe7cb

SHA256
fec447890f7ec5613dbb334b448987a45cd60e47e1e9820512b54b0e3308f3d0

SHA512
19ec25208451966bc94b88cdf9b1a7d6105e3d87b89ed6784bc668d763a89e7eaa478fcd5a4ea15f3cfbf1ea2d91ab12d6224617cc278b813ab59b9d07e1ed3d

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
b1aa143d0e1cad748641547aef50d838

SHA1
a1e42e95159c447a2aff2c5435cd3b4b514eb4db

SHA256
ca78eb59417caf4392a623a689329d51497a952bb92b5bae25c0b99e524eb0c2

SHA512
93ce8fadde5dec6f413911046d06c3b733447b102881f282f931d2b43eebcebbaeebeac0829bda610deadf88f1e5bb550990e4d726a1ea216b76e4209114a602

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
4ad008cde6c04bfeb903001a98d6e42e

SHA1
1ff37cf7e1a2d565c1c3220ba3c4e7450b06ca13

SHA256
08eef8b41e150117e5562621e38222812b0bc7414dac21cf9f7976c67b92147e

SHA512
f728d4d31e84adda17041d069f5d07c26d3e2a91e07aec668b4fcb90c3d28b15012aa663b7956f34ed9109c46f53918cd157029d39733c764cdb6ab64df1878b

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
3c528b9a48a16768815c08e6ccbd4d7b

SHA1
49d59cfa7ea913d7a5857ca0114766a956f5a6be

SHA256
60649fa377f1bde5ab704d2105854f2e6203ca7af9b0146f8b3efdae690bd5f4

SHA512
8f78b64c5e099fa3274bd40b18e52c63c9ef99f8b25141fbde28fc99bb48a0cb4c76f1b4a2f9c1493587ace8ce2a56534a2d7821bc0316fa5ea05dafe678d989

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
4791b319e754e81b0b9efc7225ee7c42

SHA1
b36b507064506598eabb824f8eb619bacf1e8103

SHA256
b2f93dd15e882d7db706f680fab70bc0ff7ed0e1f3801c548c1b36c6111e28d1

SHA512
7cfb6ddc7b60af85bbfebe89c8390f2aabfd50f8c433ea849b52cbfc296bcf6ef60a2d89b5b9027f4a00f88e134745234498b080ea62233e44a6096339a5a2b7

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
ae2ab2fa7face166682d4e783c0bc6f0

SHA1
0924696cd389f419f74f45f54ef64991e8d6f675

SHA256
015675293499f2f9c59c13ebf02717dd3660eb8a55ddec5181ddff50acd989bd

SHA512
c43b59e0bfc874b28bfac2b2f5cda137fa587c7717b61d346df5fc81f3a2f15279d962a2b7b68f342eceb696024f8dd113333bf6a351b1a25e5fd95ebcbdac98

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
710B

MD5
495294c84e954c1c88bdac1e37537b34

SHA1
b100b71e43366685f2962adab06de28e3a3ff93d

SHA256
578c0ed672fdbf6b692aaff1792b25a5be56c2325faf9642ee151b6d6dcddf3d

SHA512
528d5f153ecf99489a1dbfd18421607f0734e28a878c948990196a74c045dd417321cda5c78e8352c8a12798b40b028609d1d2a0cc95a57a33a42ca208a6592b

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-663C309600A80001108DA0645689C0C1.temp

Filesize
442B

MD5
ea9e935376d805c2b2f63ec5f72f529c

SHA1
fdc32caf866cf6ef34373e7b969ab1c31f8b2301

SHA256
a9c093641973cd225798cfe99c795eeae7ebc904c52fd25dd27b19f96a98ba37

SHA512
828f7604bbe9f887a0f4c9707f353158b51d52c133439168baad3e3acf310839e88f582c474934383ae40b1914e259d5c6104ec8e95a1db8aca95d63d9662f2b

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-663C309600A80001108DA0645689C0C1.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/663C309600A80001108DA0645689C0C1/report

Filesize
732B

MD5
2e0d376b22ed473be14ee4a86a44d440

SHA1
2bab96a4554722c2aaff38af4f58dba1cfd642b0

SHA256
4f7c7e044394d26d47ff9770eddd013b09d903f070d7f479c64babf24dfa8cf1

SHA512
713ba0174cfb4dc4a51ee43b8f08434ff92d262ccd4cad1e5e0d70eeda82fd33bc87fc94564cab318953fe8d79d8ec1a8211f265de01cf8850e08a1c0b9396a2

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation5336771486084174328tmp

Filesize
562B

MD5
d3806683d08eec9553c6953f7de9aeb0

SHA1
9d36c9c0da4af02bff32332f4984bb93bddc8cf2

SHA256
5cba8ef3671ad5fb9a2cb8147fcf1af50763a9aac27670a0738718508f88a771

SHA512
6b0d172c143ce7f4ad6ccdb200e69000fabd32386048739e225026e2b34cf8f2ad8b521acadd7c6aff96e4e3006bb9feeadbfd07e3243d79bc08b7fa869ce619

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation6737141679640062539tmp

Filesize
90B

MD5
384605d0b907b0a78c8e1fb06f2406ab

SHA1
28fcb26775e5f505e69260b31275ad8ebec8ad83

SHA256
2f5e221cc2000ea833dba2d5f0ab8fc6e821475ebb8ff26e24091a241478e059

SHA512
19688622b950107817a94128d8c62b0eff916d5bf107c11a2540fcef2d2b54b9a90b5bc835a10074d85f21059fa9e2806b9f03fd6baea8f9f875028fdae12239

Download Submit
/data/data/app.EasyLogger/files/gaClientId

Filesize
36B

MD5
824feadf97caf2d1af85c32b58848ee0

SHA1
3f50d11be0b18b80eb064ff8f513ee1a58e8f34d

SHA256
39983421c5be0c4a9ad2fcfdfdffd7164483549323c916eaa53812bce1202ae8

SHA512
8951f0f484019f6264976ae3f1773a2fee669ee06fec32c25a9c1c1527391ac41a4863f752267709f006c219ce78bcf28f76a3f87c4c36598bd08e6ff13119e3

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
1d6e8ed7f7f937acc22d9464eb5b9d53

SHA1
1e336fc0c937dc3359ddf90be7761d8b55a1eb28

SHA256
b5dde755def75eab6ea953966ec88a14202de62f621ed729ad6e71f53ba98c1e

SHA512
b71b5292913aa4aa66533825fc22724fb14dbb62255c170ff9a9f6f280abe4a69dc1b0b1479fdef01814d27793dfd1d839e0aa179090abd6c617804c483e1db8

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
4dd7b4fe14c9a7291b122fb0ad721fb6

SHA1
8a5dc45219e00727904526c7355ec30b42b5fb23

SHA256
72a62ac370e1a9c5fb2b5c6d84d901bb0eb76f5a964beae6a84f27ee8013ecef

SHA512
fc2aebcf43c0f69259273ce3e219c7e9ef425b2679003be26125f246fe537b135aaec7f31c322ccc6883dc99b05104a0827da75fbe81e1feaf01c95a97d41d11

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
337364baebb1f1623f7bd53b3c7786d7

SHA1
e4d2ca6c42dfa0e57c7e7a39d1a777a083371e09

SHA256
9bede13dafc0ff583516117c59ac40a58ce20775b53609c0ca6721747341c515

SHA512
e71cf08c59817c090a8176be50b44e40b60169934c8c23e8a851c560921ebd5bc8658ca5603eaa91f2362dfe0f2be48fc1ed4b1a4e59260a2ab88be83e292667

Download Submit