easylogger | 798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae

Analysis

max time kernel
48s
max time network
139s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
11/05/2024, 02:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Size

5.8MB
MD5

1398c9c6999be6f56f2364ec680f8557
SHA1

396c173b4c084afc3a2c89044ffa42a3f0e4dad4
SHA256

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
SHA512

49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
SSDEEP

98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A

Score

10^/10

easylogger banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

EasyLogger
EasyLogger is an Android stalkerware.
trojan infostealer spyware easylogger
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	app.EasyLogger

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	app.EasyLogger

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	app.EasyLogger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.EasyLogger

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.EasyLogger

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

app.EasyLogger
1⤵
- Checks memory information
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4461

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
51c33fcec9fe5ec7fab0b6026a662446

SHA1
0a59afb3b5d4cc8ae9fb67b265e7587e9c928cc6

SHA256
8557addde3c4378331e2d007311387282993c3dbf889dd03a2fe31a41771db1f

SHA512
968d6bf4a07dd72f4b4bbb07eeb0af8fca571884e4e4a0387f619d7826a1d089e5ba9e8e9fa9930b30327a44a6da2d692cd93f939685aa11cdd6e3dd451d438c

Download Submit
/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
88983b0c4f43a566606db560d84d9f63

SHA1
03e008890261e2d4c8c789cdc3391058329889b8

SHA256
62609540c5850595ced5a1cbec06e13c76cde6dfc463ff9b31b65882029da5d0

SHA512
0147f19196747c49296cb9769c25036c13cbe6c8b56cdd774c0d546a4e70b7f1b893abcb3317e8e9ce2a15fe54286977266ddcbaac84475046f93a4177e10aad

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db

Filesize
76KB

MD5
247a9a1ab8a9d50b768aea16f443ee52

SHA1
1b8ef45ad7df4db30e70051835585e526f7fe488

SHA256
6c414fa302b351eb7df14144c5c36a7ddd181615cb540f012ff67005837c9796

SHA512
6285e17579d1253b10f20e00f40aa8432e58a0e7b0b080c7ed52eafabae8f339f250897164409d1bc6512359557545998042fe41fca2e7b4ead85ab26918663f

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-journal

Filesize
512B

MD5
1554f90851262d53b25088d610e50594

SHA1
8e63fac9919cc3cae1154335f6901eed9bda8008

SHA256
c6b5f740ddfa297970142ff98c3285d82b2b5bb48ab6ef9f03ddd8dd53f270ee

SHA512
086e402ad9cceb06d3b4376ead1797c07abc2e36016a98d01ef4bca042b6fc69c8767f8637cacfceff32f31ebdede3e765d987a99b20f9e0895701b21382e037

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-wal

Filesize
140KB

MD5
27b299d1127219dd5cc187416de0eb22

SHA1
82893f33fd5790d205e508a281abb43abcdb8f63

SHA256
07a58169993f12b0117d5769e1db27c80a3a62c2ff3dee49c374e7d534643389

SHA512
e17a8c007297be92acae1139e2724b3b5376e195f6a16b375b0df3975482851444b8f5c614fb7ba9e933269f1e40384081b72acd737c12ac8dbea575eb82ac5f

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
cd190e3d446c6bcd3aca87a1d6ecbb39

SHA1
5e757b729c0b6238bfeec67c5204b103623d31d3

SHA256
d19373bb6581160dce85fc45fb559838420e050907f0b6f55a1217c11ffb2fcc

SHA512
af514f67d4971cd1c76c8ae0c7cd9c6d690037b81a606779f13567c5eaa0073f40c6b96bbcfdd9f32fe9f1a11c3b869dbf557eb655e188e65f0e0ec28c213f76

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
7fa2545d1edbd6a3d14257676286832b

SHA1
f72b946bf7efaeed9b5c179640f7e0bc944df071

SHA256
13352088fda333b76575ae1cd334370dc116137444ac0b8e348aa7a5fe2310d9

SHA512
06e7ccfa73a5282901af0e6727e084841583d8901b16f3dc1a7483f8810be5064801deb5fe6d243b4934c410a78ff0e3a442e9131af699297bd7dc7c502342ff

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
28782e00ace8e88be18c13444b797490

SHA1
7055ad56c81e5c8c6c56558d2e5b4007546cd702

SHA256
eb6cee55eb581a51811fe1070b50145f4a82b47d99034813ce62facb2eddba66

SHA512
94a43a9661d6e81431797819c9ade72a65b9c67da0c02d853fc9800c719de1468bea5ecec3b7e1018bee362125d564b8ce2a35b44ad619911dcac00358b3aff8

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-wal

Filesize
68KB

MD5
60dc49ef741bca2f601044b5ea740361

SHA1
fb041c0b6c83f80fb70db37cee91a7abe29a85a1

SHA256
37ec9ff73aff5aa2c78c628b8c2e8713880a26c4a85ff6e44a65b0f818f840b2

SHA512
17017b6c011fea7558a2d7169d510251f2ea8aa98b4093ffdb2bd2a8a3c674558b68962b839952c0276882d76058c7cc279ae8a37ed25592296be5a0788fdc58

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
efe4e6c99fee72a05e6a4d9d3e2ea0df

SHA1
79132fa6a728a2c7e0bdd732db338b4dce168cbe

SHA256
83a5092c086183906fda5a408303757a21f65a17769d5395b3a906b24b2b7605

SHA512
33032c755b78ac719a6a41df1cefbb18f6caec9a297d88876e5f1d90cc02b0320f9ffa929671f8d88c95cf90dc36be246b73305a959c46c4891b197191ccc09d

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
83a1e13db50cdc35c21783567989b6f2

SHA1
ce347c135f195493fb9fc30dc6dab27082f2ecc9

SHA256
45fe572cb96c0f21921a7c8a6ab6672c00c0fb7b379889c034f3ca975680df7b

SHA512
867acc0bcd131a02de24f4eefa2a4b1e915fbcb20b131d77cb55cbb144efb6611426eed318b8eb1968a9cb34cfa645858549157da6a63aa21499f2d0a3d74f85

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
18845864bd2f11f471e4ae4111a5d6c5

SHA1
bf452727caaad1cb1a24fc593c380ccd374251ac

SHA256
18ef113d0bad9b8ad7d73ae66944e2474d2c37b3e1919b7ec8faf69e0633f487

SHA512
af38fd3ae5598bfaea1cd2f224ee6edb037f2246bfd783e8b0fc909139cc47b3c946b27220ccb449bd5989d21a67829ba4d9aa986e484c8184393bb3500f337f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2dfa1590c06871e5170b8758ba0fe27c

SHA1
d1bd6e748e1bda7a3da4dd3568ba53479c50ef77

SHA256
8d96de0de523498686901bfd0aa5dbbd29e9272e91493d2d408396afef052d21

SHA512
26ee8a4d563f0acf29d05af144772d8f4a8d35e80b472cd2792e17ea4a1f1d19dee6fc87a11f32014ce8082c9d2bf7dca59b1eae61935aa4660520797eea834d

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ade57a9892c105eb146676b760e41e1a

SHA1
4ae761adbe22de8b6979c1e3b6f9129ab8ff2c11

SHA256
273783621ede4e3a64953b0f7bf0d9fc8ea1d76a0d3d822f94f568a1d9a36eb6

SHA512
aeaf10d02cc568f8f5a09a713bbfd0ebe83d7fd2f66903bc8a64e75ff83d9e438fb937c2f76b5424e540b10f6260ca29477d8eb7370f35cb3ba74ddf7892d8fc

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
848417fdd938bc74c8590fe6bca69a83

SHA1
69ddcbf7d497e6497d61c0be781b54af06069a9d

SHA256
3eba201bba36ebfb13ab5fb329ce1446522e25eca7a31e6750ebf463a8763f75

SHA512
38a635f214808dbbf0d12f6d4f6246e697e563c6254d0adf103361ffd3c28e0af2061cb0f10cfa568863a163baa12e6490ef577608c72a8b0c821a2c2be2a35a

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
95ff212d0e2c3336a0d178b9ef58ff24

SHA1
7f1e939e31a912f403eb0f8df950776abf0137a4

SHA256
63813a49b28c123b3d5605ebeea2083a2a433fb8d707ef08759a405cf42d7242

SHA512
aa05ceb2d951dd84a74235dd1d94eb49ad5a2a599d4d7536dcbab71f9ffecc407b0ff03a31d8bc9e72c89c0641a036eb8e3ac45164703380b46ce36e77cb8df9

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
edd89fc2f442d2362c44c4d0889e7a1f

SHA1
93a5639c4f20f7cb54ff0c94b3768336b6059d35

SHA256
796cfb093d660e05bff30a4e708ad580c35ca636b95fc5ca2ccf746c12769119

SHA512
3e5fa3da9a64bf3cf1aed637ddee3dc16b391bda19075c2fda1f6a8ee157af5e0bf7f4a70884c89791fc8a4f616eb2e378c15bd8474045c3d09b9a53a320a942

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
7f288bb9e2d80a6bed8ec65d69cbcb4d

SHA1
3c4b9079c308284b2b0979e55d99726bd7d57de9

SHA256
bb5d76bd7365205d817a5ab715467707d51489818e432a496445066d944c55a0

SHA512
d8f2c3c1df22cf8dae4dd5606015251884aee54617357a64009d8b34a5e01454aafbc77ff9fc767ffd95cf0fd6551123d70d8bed964798f0f799c52eda0e9f5a

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e0a4eb66755fad6f365493a106813782

SHA1
67734ae91c2304bee7643a91fa2ae375a280e6e3

SHA256
21784bcfe779284be0a0589b47a5cd520c757d265bbd70b3b8fa1534fbe88a87

SHA512
01ae53caef953d6bc4dec11ab0f9030937b433217cf440ad7cdfdb82a1d39e3e3578b66910796337eea61d25de7974ac0b230496562addd1fd8263a55878333c

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
0ad79bacee28c605215f280f001c713b

SHA1
61761aff88edac4aa7ff15f2a3a9274f0922a253

SHA256
e6c759c085e259aed19a97dabb8280cdf1131288c33a1249f89d4a41b63f6f34

SHA512
35edb221b7e9fd9f250e315cf829360343025b6cf13471b395341fa7dd205ad0296629ceab6a334ef7822599facd85b58e8e4ddd52a0c54e6e45340e5e90e273

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
33fdd775814bb52c459078eb566523e2

SHA1
49ebf30f417c8b2ffa21acdefea78a683637a7da

SHA256
906e474fa25593e293b234f347ed3fc9e1bd313ba26fd136f0a546eabb6e8222

SHA512
f7c8adbe2aed5456a033dd3c091c25f7dc1f9b3e07e3d19b93e60b8497c8e2698068c9314fb148c94c94121c0db3e6cd660ddfd549d219bd9cc5150aed351850

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
710B

MD5
a375e70d3faedb33a9c23cd23e960b47

SHA1
2689fdfcd885e711db23b3425b3b181f282c450b

SHA256
30c73437008e26b56d68dd643b7a79d5b5475da5b28e45aaf3d2970192987ce3

SHA512
92b7716da49d707818df83a57cf935fb1174e34a9ae9e9a68a99be5406bc39cefde76b9d6d0eefe1bb1fbe9b5a6fddef29ed37441077255f12d5972bbeb54af5

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-663ED37701820001116DB96280F2C436.temp

Filesize
434B

MD5
d256011312df84e6fe12e0c764d6e3d7

SHA1
90c610ae2652a443c734d12c5efa8a8b0e51cfd8

SHA256
e87c8286c46edf0d0073b4e975fa37d2c6ae986dea17e9f1563074ca1b073cc3

SHA512
2ffda7a4122091695b20e69be0c0eb80557657acf8e6c589a0dc68b60e40421fb67f79add4e923c97b5c517c958e10858c2a11f05dd2b642a81ddae28c97a980

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-663ED37701820001116DB96280F2C436.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/663ED37701820001116DB96280F2C436/report

Filesize
732B

MD5
a3108f78eb3ba59f1a1e706d06626392

SHA1
8c1cb4a0bf94bd651324c1a02e575073d18ed8b2

SHA256
99e9b4d9d906a54eb59fda9d1d2f1d5d34b70ff54f1573c97aa03f9451f57e3e

SHA512
5af28fc5132d3cffe448955315258ce1f216cf182614c6ef4e7329ef08396e2d65e21b672d295c80ea7a6a9ef4f1d155bcb550502db72a3f94b235f68b1e635e

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation4444606649217379672tmp

Filesize
564B

MD5
8a9c4fb145dbd1e433acdf9d357e4880

SHA1
f3410189a081ba0f3f9177f6f53d6a28374cf34f

SHA256
01bdec10e1d323fd0ee3c3a0f10a3454947de286403ba7188f99b5ac916f95a3

SHA512
da670fc0cdab449746bfc52808f326e3694a263671de93aa0ed58a7654563790cc74e40b221f41851b96e816b7ca2a8e7a90fb9ddf6d7d7a373ef5b1da4cca37

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation6599446451906076774tmp

Filesize
90B

MD5
c8b23fd4b63be8764f35ccf433371f3d

SHA1
531b528822ced424919a041ade745db3cc937ebf

SHA256
e256fc918ea3b5f62ab7a18a430018365d9fd33164dc7ca31ed770517de58de4

SHA512
5ea920c4a98ed1c664387f380fb9ec1332349001a7793066dea1dc9bc20796f6562fb9ab860693194375c2655ca8537ddf12495b9aacd9d4368b5fd8d5c83a5d

Download Submit
/data/data/app.EasyLogger/files/gaClientId

Filesize
36B

MD5
96fb020836bec697bee99388e3e99c3c

SHA1
b509c9bd9ba96e878f4f6fa5861cfbd1c4b54884

SHA256
86e17fc59e2d8cd65df576402a3fea7e78a5afe50aa894d8274c3ea399c6fab1

SHA512
6bcf3e3ff5bf2b471b75d41964a9b82813515a26e0a94ef2e2c161a79d548a94181f5d313af9f5f3166f512834774893364abceb755568077ec0298122b08cfa

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
68edf49248bda47a6df6c6b7a6bbfd43

SHA1
5ce91944368888461b6becd1443532b066c629da

SHA256
2f75afed6486522b6d122ce8c760f722220ed759dafde4d5a07ca28b8ba9645a

SHA512
16cdd0f0f09fa01873c2b952323ef1b9fbd169dc2b8f353c69b82129ef1b8565837bb7335f1fa06e71c50a58522ba3bc75fba0d97e10cf8d6f845feda209263a

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
e7d91d49cb0be3696700f1b692426acb

SHA1
f81850fa7780de08215023dddc2637009533485f

SHA256
99d6bda10194596b7906d04cd9d57f908edd5c8b9fe1388e42ed9cdad2e2226c

SHA512
7667ea1126377aa580bc810f8fab66ee7335e5eca7fdecadea6c7a86df30454c9778b12d455198ee3637df796a2ecba520d9341b44a2fffffc8b4abac510a710

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
eb218182d696b38515377206fa34ee14

SHA1
81748e5ef68a9ba34802290d56da5afbb69d26e1

SHA256
c621f1250ead309e78a0dff2def93c5b5d003edd2ad57b2d2b6569d310eb69e0

SHA512
c683c2f5a6a6f0424733dbf69c8e84a13d1cbdad4cabdd1d70ab973f568e74b97be84423277140f3cd8926d97a32d456c4dda2ac2941afff3ec86fd544f4b0c7

Download Submit