easylogger | 798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae

Analysis

max time kernel
12s
max time network
162s
platform
android_x64
resource
android-x64-20240506-en
resource tags

androidarch:x64arch:x86image:android-x64-20240506-enlocale:en-usos:android-10-x64system
submitted
10/05/2024, 02:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Size

5.8MB
MD5

1398c9c6999be6f56f2364ec680f8557
SHA1

396c173b4c084afc3a2c89044ffa42a3f0e4dad4
SHA256

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
SHA512

49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
SSDEEP

98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A

Score

10^/10

easylogger banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

EasyLogger
EasyLogger is an Android stalkerware.
trojan infostealer spyware easylogger
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	app.EasyLogger

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	app.EasyLogger

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	app.EasyLogger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.EasyLogger

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.EasyLogger

Checks the presence of a debugger
evasion

app.EasyLogger
1⤵
- Checks memory information
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:5045

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
d9d873333511f5ed01fd1f22e8a6630a

SHA1
e915206503e83fe67de9d0be4167cc84e36709a2

SHA256
6cd73fec7e634adb0ef6ca833421a9accd8ae25a792007bccfd8d6ba30ab07c2

SHA512
90a3de272427b8fb8e86646ba9740b14d6b96b929e8b82eda78bead65207179de308cb8c9d1548603a2b723b350c31301f9ca8ed774f120fad02375c31a2570b

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events

Filesize
40KB

MD5
15d5b92dcbda7ef7f9ca327a903e46e4

SHA1
ca153b66028a58d90346ff8abadbdf01b95c37b1

SHA256
e802fdc1ccd833b91d80bb1d8f54cab2b585393e6a07622c4d9feaab07633370

SHA512
2352f167ee5aa37cb3438a0a7df8f632771a1d019c5cd120fe62313fb73aed6d0e09186a9bf306a564371b846a8da020f6acd7aede0cc47ca50701611fa84aca

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
ff3ecb7d575e106257aafe9e3b44a64b

SHA1
bc46d6d223b2a80f20559c5c2e1cb5c0b85d1a84

SHA256
22cd656a7efc4ff455b0fb541dae425312bd8145e1735699c89e8686bd6b5114

SHA512
7fa8ad64b7d2918a5808cabeced135bdd0fc4c1c9824df115c508ab40f19fbb60ebb49f358b38b60f216f0fb50a51d10556330d09efdadcc0d83edcd3ff06bca

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
11ca0ccc1a5cc9cf7a9c804760b2c2fa

SHA1
69bdc335ca5b670850c712e8e8238fb0d9eac0af

SHA256
c704d618629f4250d88e4062b6cfc5b8d35431274d227abc8a96fa8b0f59f3e2

SHA512
3b5afd8dbdf43a545fab8e86789dbcd8071198336fc75c5ecbd793d9ac31a0d7217a698a4a7a3ed3638ce2ca6fb05e43420e44c79e9b5f6682ced68693c93d9b

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
8527a386255aa291fe642ed56874255b

SHA1
9efc7e1776b3c5029cb1a1318240ceb93150245d

SHA256
a2e3e3182dc1c0adf09832713966281a8d635aff326548ca12ebf53696b5de14

SHA512
20b42c89fb3216fb84930ea280cc7a37455a64525647b6051ac6346f760a9add86a648d6e6008b7ec993951df327d8d79b621c4a936141745ee06685ac96270a

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db

Filesize
28KB

MD5
6d7a808acc16ccb828e916d4308e8b6d

SHA1
2a8659e4e5b1f43a38df73938dc913706a819bd7

SHA256
acfa7849f9c55c540f8b32e18e6e069e74ddea490273c0bff5d410bb7d397674

SHA512
b082698fc6525ca421515bf0d78542114381caa07212b586c2320f32aa809682a5bb314c08a146fdf27aaa7f326d03039cdaa3835c5d4395c1d3005ed9d44018

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
b5a8c57fb85209b46d9f4702f60367a4

SHA1
70817c93cf99fa6dd2c45e54ae652ef0f1d2b19d

SHA256
380473cd36f7b71a1f0a4d5cf674aead86ea7694233f69dc454dd0fcb71b1932

SHA512
5e286f75ac004559eee3748a2e94aa96328120804f9d2252a523601feb05c5c81a93119550419aee66c8177fb2d5204d15bd626e58d1bdf9d0643b7b58ac8757

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
8KB

MD5
ddd3b4087885845f8b0706af5cb9fc64

SHA1
f2109cfe542f753c066863821844c9080dea52cb

SHA256
0f881edf87d178b9572838b2f90bb019e573476e0316b83bb7699debc20805f3

SHA512
91373080490584ea19c69155aa60636b583d4ce5124bbcd264c65c4808cc19f4cbac38f1b9ed4df01cf00eefc39e647b37fc73531c197e8d0e79ac3efd271a39

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
4KB

MD5
46066f8d6daaeb0921a720f20aeae8ac

SHA1
94ddfdbe5eaad7ab043c1e8d5b2d201fbe402718

SHA256
d19492a74fdaa11843dfb8619cb4e3ee62ddb861a0d728e932b976f94d75e38c

SHA512
a491fd3cb0961c547859eb507bb7f4c13c331dada0dfc6906f00153ff44a3c52ef79ec3796166406b47fbe50ffa4dfeba6c8405240b81a721f13e37c4a3865ac

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
8KB

MD5
4776a2d83cc53901595f31bec0477dff

SHA1
270f6d662d96a3514546f2bb1f4f584941f2efb4

SHA256
a09d375a266924f56f5bc3a72c9d2203a9ce3757a61ceb98b99165a87621b6a2

SHA512
aead884e2ce41ab1f908c0498b658b217d3a90a0af8862ea4bf430cc59e84a403689f78f746a95b6e318b520ba943f061839caf134921d869c159e4fa399f578

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
8KB

MD5
2a860dcb9dfce38c1a0907f50f808233

SHA1
9aebb16a5975bc95312182bc73e3e8aaa81e0336

SHA256
b3e7ca2c61fed29a8e074101fa39346aac4eed01102ab68ecc510b1bc812a1fe

SHA512
591de97c099ae00a88826c5f5fb3eefdb00486bbbf1605afffebc5c28e73b05f756a0279fb8657739d6050794e7367b9e3ac29742ac70b813f6b9ccf015fe209

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
12KB

MD5
f80641adf86fd5e18752a187a2ac8e75

SHA1
21f3f20e96f6ad717b2447c77be4b0eaa20335f7

SHA256
ad26330390c8c2f98e1603a9d88b599e9ee9d3cd8e3905b62a975d6e03361908

SHA512
701efa74b870eb0534f16088b092a904bf210a41bafb8c93df1d9f22bd887e9a24973201ac4ca199dc024423d56dc20df24ed7777146068de0dab70b99f256d5

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
eb52a90bb70b76e946b62f50b6f7fb85

SHA1
42d767b5d1faa7dcef4cb4e1432a5f47ec2e9ee0

SHA256
48472f593a3e9cf9e91ee5f7d66dd9ff291bfb247eb6b46778c710fc24e8d3c4

SHA512
b356c858cadd14b6ecddf134f1c494c0107a1d36be9387984fc53dcb00e6779d944f058f4ac99d0fc2fe3a427cd1c2921c6fc38ecad53909fc4b5b6f04459b5c

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
3102ea152742f950b1500c764758f6cc

SHA1
14b12d8e49daaff8f83529982fcdc64a7308181d

SHA256
c7caa6c62bc358f694f72bee357df93bb727b0a56f907fbd7c5c592c5a77843b

SHA512
310b7bc2ac80143f3bb4fe4cd6c5827ef919b0b299fd5b6830af0a9fe43024b002ce0cbdcd5e9d4ee48cd59aa8f6359d05721f55db3a804ea9da4843454c3df7

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
63b38b3ab17509a678cc357ab1a17dd7

SHA1
0d4f722e4cea5d9e0261107713b412d4df65430f

SHA256
c4f707e2631ecd0453c11fbd3d58398cd31dd384156b33058f52600251341396

SHA512
dfa6faa55523a2cfe14d639c24ca4fc9e9682882b2c16b11fb61f73e3b538c0d6e31c203d59e69cf43771022486ab3e22969a7e9dea781a6bcfb01b754ec1d0a

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
f3ae67914ed8c5dac00035cf214e0565

SHA1
8060baccace83adb135aabd19d560331ea0b052d

SHA256
a5030f9e46c0c4ef1585533a63dadbf334d7ba93dd024e0c764bb00bb3804bc3

SHA512
059a0f0bf2bbc4464a37ad71ce15499b2f70c3ffb68eeedee219013b74dc087faf905ef41e0741ffa1b8b4be87e3880940e8ba8fca8db4c81c39e48c4e4780e5

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
c8ba5f54559d4e3fd8c89e97e4a79861

SHA1
e1a6562491030a76690782f842625a7b0301c00c

SHA256
ef278b3f20d0f3e6ada197b8d79473db41a4cce12b6651b1d28575bacab7763c

SHA512
faa82a364bedd53fa363a89aedc6ffd9a621690b06acf4a7552370f5517c4293444f7f66ab182df0f7d326770857764e6e72e28d9637dae289908aff8266cf12

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
08be86fac15a1490588cfd2b830a5fc2

SHA1
e0ff73c4c3e65a9022ea4ee8a88ff76573aba0f8

SHA256
1f1b88a61bbade5e3ff371040c1842decf2332450a6455b430f7b3b1d64fa5b7

SHA512
722e73840d323011631c6caaf0ae9e827a57b416be900a371ea1d68ac6d8900bdb19274d30fadd80a2a3af81277973fbf2ce5741b7e82a2dc7ad98a44accd744

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
ede07cc52d013e30cb883b020d680233

SHA1
9928d6f0a6ac0095426c2865855659a9b09b63b8

SHA256
abcc1bf0d414bbc22c2796001502ff1b08ba0ca2eb7de2b7828837403ddae03e

SHA512
5aff56e714c8f43d40380c96edbabbdbdbbe005f7fde64216b2c667c4d818b9349e11f4ed136da981d7708efbcc2cb79c0e1121de023535069d5762b5b61744e

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
404bd92e4be05a5733eb4bd28c820b10

SHA1
d1af8a99664d62964a75bfb1b15e3ba45e85c27f

SHA256
9f70244ad17fdef57c43743269b09ff305c966d23475ab4ab3362a64e2132df1

SHA512
a5e7d5e38fa6c9a7794a56650923a27460633cdb8447f5d810d804a45846ebfc376f427e17e6a552a02b0974109d542803af7043246aa8fad78c9c5ca9f6b1e4

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
710B

MD5
9fa05ca8ecfe08a6ac64011f43c36584

SHA1
4b9a9fc687c908430d39509b59e13b46186cd145

SHA256
59fcd58a595c70afb37b0bce728d9b6d03c7ac824acb1f67d4bde6e7362ab208

SHA512
f80180215de7cbdb7aff56db6dde815e354119d97b727d73fcf3aa3dd8445f421478b0629768c474e831f36ed06ef31bd5618c0a3bd293f5b9a5ef21219d3acd

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/663D833203A1000113B58A7D5993EEE9/report

Filesize
733B

MD5
267330a55d244df9b8bcc26a1768e75d

SHA1
84483e31f49d89d82a1c12f8d13f69c9be62f8c1

SHA256
f5e729d0f7abeab110475d0cc285b101d0cdc036f0009aa06f58064185e57e07

SHA512
eba1ecaa191abe0b6f1fd1c6504073d6bd94c4b7847d88b60f5915a01720064a8f1a98a1d803b4e467d72bfa6814d2837a027c6e41963a16a00eb8a0ed817e81

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation1287568793123136820tmp

Filesize
90B

MD5
f527b36070084eb7c5c0c5a81736092a

SHA1
5343c25e2ef535ae35f030e3d565817069d33888

SHA256
7dbbe57dab868843addc0a06f10810acdf01494f17616f40f2757835b2876941

SHA512
9c35bfeba2741d658d4c97af5d312b812acbfe107181b06318481603fe1303556633ad8c52bbb0bb3faafe94c3a84a4535a6868515a893cc4f1110f2d32e4a2c

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation358868124819467566tmp

Filesize
564B

MD5
e887d3f1c8a2a96ac62fba10f7de6a1b

SHA1
342ca0d0a68381843927d87ca81b4a3b58b20a75

SHA256
ced7bcb99bf423e884f6ae15f764fac561948def5af78ea54ff868e3cf516788

SHA512
d681f46f396d785f654ed865ef1465b996818c7a8f390cd8889a52dea3f1571b1aa74de370b561e21b434e7977e3d5b10d516a447c3b398d8bcaed598e41fb6f

Download Submit
/data/data/app.EasyLogger/files/gaClientId

Filesize
36B

MD5
22fb895eef9d2e5b05891d9f54194d5c

SHA1
86d66a7ec1094f7d748aeed205a88195eabbc43c

SHA256
3a15cc2084be57e19d5f6d80ff337dacfce78238d4342c7f622da5953478fb09

SHA512
332949f5ececdbafe304cd92f199e86ea397780f9ee16c4b50000ef862b035c6cc3dc8e8365288ac77f0c7bacd84aeb6896154325bbf350be652f82f6c7e86fa

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
2fa0394425789011fce5f73509706dd4

SHA1
82b82a34897ecceafd98b11eb17e21ad5cddaf58

SHA256
b23547d4dcaee8876fa9cb7d8d7aa8d5da6706494f9dc0f222102c7cd2a4f254

SHA512
c6c33c4e9e83c6c371b819d8b8cb12c4df2dad77d7ae3ae718ac34fd258c4c288eff09db8c140186acddddbef1d2f6c63ab7b7bca375d103e57ef84a03d7d309

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
23e8d95a548801ecc9222bbd43589e7e

SHA1
4285de214b3fed3bbc5a35ac42534700de3b1df7

SHA256
7c5bb3a190cb8f99f390fe1b4c7f982865848953f05a00c972179e697c9f6231

SHA512
57d0f9afcad626171d2f02c59e8619dfd273c284122e69738110ad8cf83e684f2f9c4703d459a4626c4dbc5da2048f5b04de54860ca755e61566c91864f98ff5

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
e89621b1cd9ab21e3ab09bdd673c95ab

SHA1
a9f94f8789fb8205e00c98b6c1cb5d34fea3641e

SHA256
ed755d025c2b37fd3c107b2d197ce149ebf594a143a7ac86f1456d3a37f0f739

SHA512
8bd7ee6f7ca9ddb7c3fb245e62ba7f3524ca7234fcebb83a5668b8e6d1420b0461709864d6a50dced529efbbb26dd17ac2326ed53d4bce64428dae2427a68714

Download Submit