easylogger | 798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae

Analysis

max time kernel
47s
max time network
148s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
12-05-2024 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Size

5.8MB
MD5

1398c9c6999be6f56f2364ec680f8557
SHA1

396c173b4c084afc3a2c89044ffa42a3f0e4dad4
SHA256

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
SHA512

49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
SSDEEP

98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A

Score

10^/10

easylogger banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

EasyLogger
EasyLogger is an Android stalkerware.
trojan infostealer spyware easylogger
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	app.EasyLogger

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	app.EasyLogger

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	app.EasyLogger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.EasyLogger

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.EasyLogger

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

app.EasyLogger
1⤵
- Checks memory information
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4239

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
d6a988d8e52109e8ba9019e1567c3189

SHA1
4ad361b3add4a8a71b5901b0a1df6282c3ddad43

SHA256
4c255f77d53a4abda9d598c6ceafbfa14c73a8a57de7d12768fcb11b41898ecc

SHA512
eccfa0142376846468f0d47b192bdbb28879eff36b783861cb546027a54bca22feff966ef6d2e77bef94db7a56766ad4c2edf2c43572d5f423e2c3d9bfcc49b2

Download Submit
/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
894599426927a69c183d88262c262bc5

SHA1
985f201c5dac96ef84d2b105b785a458cfb073d8

SHA256
33d3bddebc5f11da498db75776b54b4697b8b0aa3f450d9576fcadf814e6f4b6

SHA512
fd582e24ec46b98240be6c1f74b26a2d51c069d793211d5f0cf6b6e8263f9fe202b5eb32ae477acc40a9340f64cf9b021222c585f56fe43d7522ca9331262470

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db

Filesize
76KB

MD5
247a9a1ab8a9d50b768aea16f443ee52

SHA1
1b8ef45ad7df4db30e70051835585e526f7fe488

SHA256
6c414fa302b351eb7df14144c5c36a7ddd181615cb540f012ff67005837c9796

SHA512
6285e17579d1253b10f20e00f40aa8432e58a0e7b0b080c7ed52eafabae8f339f250897164409d1bc6512359557545998042fe41fca2e7b4ead85ab26918663f

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-journal

Filesize
512B

MD5
2f2152b9deeb9b5756e2f54f63c9e4b2

SHA1
dfa25dfe9a66a77a30a19165192d947dc6fb7917

SHA256
853e45cf7a0852f78babeb08be57401211f51a785cd24c882d1c06a13c1c0e40

SHA512
0b55cd118d8a1d8bd0ad5475a405294858c6872f23c99a32df0dd878944f7ea3c220875b2d0a254c02736aef6b1a87bbfece72cced157416137fc45e191c26d4

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-wal

Filesize
140KB

MD5
f1a5bd421bd8b397510179c051246b33

SHA1
43d8afa653eec55f09f7e20f64e8aeadea8c64f8

SHA256
224d2d3c49f88ac9dc13fc0dfdf02c97db7879c82b5b3bfb4b90d0b419e3aed3

SHA512
205b5eed842e852c1dca30ca5f972364d5158db6f614477912648b36d1ce3f5a1f1f8f2b55e93d39e08be563e67bd169c5db85195854c02d668498c12afb3144

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
8be0c4d1fd2ff9d91331a4edde66f288

SHA1
c01d2a5a6fd5936c29862798e535b9e13222a605

SHA256
df57fd755cff7972df0a8cc9d76567c39bf5a8d910e176f3b79cc357e43dafb5

SHA512
a46279bf6fdb6f21975d797bbb06dfe9458a1796ab2ef472939ae9616bf0f878721343931134dc4d96e2d7e81c35f5495f3838fda1fe8ba602c580905a787c2d

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
8fa6a1bb9c2f0bcb7561a6dac2a2629d

SHA1
3d73f2264e02fddcc7f4ebbddbf421adfecb1868

SHA256
c16fc719e3cf1e390d14db88a3770f00b82f3fdd9fde3b690436b26a881c14e4

SHA512
092efdf149fdc6560298626c5e5d5cd737d4ba91582366fc26a31013b7d2ac45cab873ef4cbd9eb294b0440d8ddac7d906cd028ec015d1bd24c67e9d4fdc48cc

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
b540951c05557e5c20f1c956bf513226

SHA1
833b4cf78604dcf90aedbecf94c6d238d9ed5ca2

SHA256
2be95a013cbcb84be65bb36970bf0a77403dc13129552474d4787daace2c6628

SHA512
7b8693da05271eb89eb0dd4cd4ea5521c797d3a93c7f973a3b264df98c1df71ca26fea18cf22fb473a9c9a8b7496d1049cb7f6947d35bfcdbd1fe201d05b6473

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-wal

Filesize
68KB

MD5
d591e5b206be8ee0be6f00df216bf8e8

SHA1
de654caa01b83a72df387fee0bbab8e4be2d7b8d

SHA256
53d7fc295dfbeecaf2363bb7d1b9fd4ec7d1eeb97dd924cac357345aa617cd9a

SHA512
b72ac237d1d518efac164195dba6f81c89e6ecf2a8f63503d5831f8635ab874c72d21e2b30fb21f1adc69362fb4bd21c7f009d82200ba588cd22d7686fea2d48

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a1bb16f29fc1c7329af0a71eb7aacb3c

SHA1
47b20ff7605f8edaa7d54212c0621ddb5ed45b96

SHA256
e6c0c9778e8685cc8adb52429249f266ecacbe20404e36dad60ba5378060164c

SHA512
653181927aee8dc7f1433c355f534cffbf86c95059ae9fb2f1d93bdba3602a7fba3ae59e75b81a2312918bf6230f504c67b43fa7c61d89ecd37f93ca23048deb

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
59c5a4d9ef84ac4df47993ca6e982159

SHA1
05e822de8219d640957eea6f4220f0d5f40628c5

SHA256
6c3038ffcd6d462b420fa41cc4182da21420f19be5029e64bbbf2011e1dcc706

SHA512
57631608b5adeb6be43eaddd75c373ff0737dcd28804d45ed163014f77456216644741b780338ed109b5e0ffdfeed84719905337d1bfd0e57b0cac58c0d068cc

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
2d691ba90d7bacd95b9df828010af809

SHA1
7f273473b58d7ab547d58f914f97b7694a10bdf4

SHA256
8e3edd8886413ebf6f3f806b6aec4327d4a8d248c2aa2c55105681b6aba6a878

SHA512
f0986c485a6d5216f5236ff229d95831de6aafba3006a90838ccab994a036cc62a4df21254b071935b426d6832f87f08da1aba3176d595e9ad7a3a83ae4a5fa0

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
403d2d4c2821fc10e4226c7e5d4c5080

SHA1
2f51b194f17dcf391e2a856e8eec0c9fa19b52f1

SHA256
7336200118ec0bd8524a9ce88743ae13dacf1542363a5f2e55df35396536de27

SHA512
9b568e611b3df4e49a6daf4bd70ecbcdbe283f4f9478227859f937997297f35fe58f0b4e601a692a9c6a91ecb4fbbb48243f340e13c7ed1ee7ff912325506cb3

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ade57a9892c105eb146676b760e41e1a

SHA1
4ae761adbe22de8b6979c1e3b6f9129ab8ff2c11

SHA256
273783621ede4e3a64953b0f7bf0d9fc8ea1d76a0d3d822f94f568a1d9a36eb6

SHA512
aeaf10d02cc568f8f5a09a713bbfd0ebe83d7fd2f66903bc8a64e75ff83d9e438fb937c2f76b5424e540b10f6260ca29477d8eb7370f35cb3ba74ddf7892d8fc

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
f71a2a17560e765db28a5ae57f444dbc

SHA1
9ce750e9611e23e5b1f95bbc7091c2573c585300

SHA256
c8d28243e85ae16741fb79625dafa5baad7541aebf8ea317defedca0ea2357cd

SHA512
810f1f5bc0ababc908a5b2ca6e853fcef40a0a1349f7f9c72c685f62af58b3e3648217a755d848d39a4a6110b54b0c8a942b1356baa322643534b1619fc97197

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
83a013bc9f38330dddaed5a2b79960c1

SHA1
d04e412fb61dc7fe978cede4dcb5ff08620151c2

SHA256
bdf1a3aa6654bf2a4902aab7d6eaed65ab7db3ff63aad8c15057342b426936c8

SHA512
5c35ba0d11aff73937a88d3ac6b24a53bfb41d86f6382b896b2b855caea18512f117498799df2d82db3c5786719a94226761dfdd914ed7b4807a978cc0330e4a

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
3821c08ddf6c305b5c7ae6078f72d0e0

SHA1
9a285281d5827a6f39a58b0db6cbf5e22b16a40d

SHA256
c1595fb5a5ee0e9f42b98f263cd1fc6a2a8f5ac586884797c1d41e5c7bdf84f8

SHA512
34943ba13d73323f5fb36f27cddbe2b11ae49d121dd4cb5d8705799ae2c2714e569443cb62f146283257c4cc7b6214e066e3ab2f2ee8f005fdf9bbf0d3ca0aeb

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
215751d5ce63c5e6d33c1c6c6264c6a7

SHA1
f1e5a2dcd323d09aa37f37e4a59e42a13efa718b

SHA256
d0abdc0daa7a270a4e1ca354f0acd4c609679a5a071fe74feca8d3da48cac2d6

SHA512
a63aa3f30077fd138c9198ffff48ece9f0f8f85c6f41d9195ecfd703ca4cf1c3b315baec38ef36a50d0392c8bcb30622fd725acc569ecdf853f8ff057d20d3f0

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
fd509d147d0de70854c3e0418a0e3388

SHA1
6c56d0f935997af84994f74a2a7710fd29543b76

SHA256
5d443fba40168c8303a4fa0e129befb60f9ac8428ed66fc9a5826f2f41c0a889

SHA512
9a6131a40d89b186ea01dc88c0e387f9dce510f04940f3d7110e2913f6e140d4b14c56fd228d8f06769da9a9a45a71dc3dbef294257736f8c0eb493397e9d1ee

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
0cfcf93c680e2351b7c4bef127a1dac5

SHA1
54720c376ea457204c87684f05daca84e6ed9233

SHA256
d7553a8fe620b2c732793224ffb90bcd6c3c03e603f6f48646e7bda645143813

SHA512
515e6810a58e0776218985ea53ce41cc6b8bdeae3eb141485db203d80a043ddec16897f8c48514889bbd396e5994d2e8040dde5629c9afff973f8f979967da1b

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
1cf00200d22692641c1ae6274ec722cc

SHA1
974889a6ef7ec22c5dd38eb333294f689dbb1d9f

SHA256
f797a38dcf266e248d4e28acc4f14bfaa5807b9afe7e33826e809d86d4155910

SHA512
156d1f06505288b3cc82b2a5bc4321b2536ab0c16d58c6d50131acb472664ac9e82797a03c9ae4e5f588104528b43722eb5a29f2faab825afee7a841b4fbf292

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
710B

MD5
dcc4a49f1598088f77e0dbd2ae156c4b

SHA1
300fca708007f3f5fa95432ac15563bea65cb027

SHA256
8623196af79f394681d73605ff5adce135d42a0c81b360c3f35fcbf2ee023177

SHA512
bfe8b27b26b4547b8cbd8246130f58c9c13ec481aae92a326230dd333e538a5ca897f653a857311e92968f6b8f94a845cdf0af859025f195251ccc9b77d1aa4e

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-6640281400110001108F0A47FD0D6285.temp

Filesize
438B

MD5
cf658b757ad08be20b666fcb72fb0890

SHA1
d51f8ea541814793066f517123bdf5c753dc5000

SHA256
bf792d972e5c21efbf60766721dbd4a88b6febf687301062bac324d4bab9aa0d

SHA512
a514b3e223958b02576f8900a1f747fa65359952128a253e40023dfb2693b157f975b4c58fcfe61c295d73983333016aa58689d97490587ad6fc1b095bf4f0de

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-6640281400110001108F0A47FD0D6285.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/6640281400110001108F0A47FD0D6285/report

Filesize
732B

MD5
6dc6a09bc7c1c67a05795f067e1d3aa4

SHA1
41d6d31e9c9741a031ec269b4bff0f2945b1e5ec

SHA256
72d0cf7b550a3096ce05f9bd13259fa4957640814bc88da5a6d5aff8fb03e862

SHA512
70892cd1022f4dd7c8c792cd2ac22c3fd14ef6569c98ba981f1d4ff6ca80e7635632377f1ad9419ac913d69c3fff951ad3852f92e1d7b7e7869f80a44ad63f73

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation5417910323567357221tmp

Filesize
90B

MD5
a09827b3ffdca3442c44093e122b9376

SHA1
b3b0bc2bc98d332673b9d96970c3479dac596e34

SHA256
aaa2c19735936c9433bd2620c2d3213f4daab787bb01dddac3d3a733b03e3e14

SHA512
d75405c2dc934cfe26de481981396bfe1d387884a0f91dc258b11896326931497c00e5263d5f26f80f7b415013d1de6ebc8d41fc47f0f3f8aa9cf6b7c0ccdd73

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation5684876818642956193tmp

Filesize
565B

MD5
c9945cab1faf4e0d502fb4347237d4f2

SHA1
12a6618133c3eaa05726c9bfa375820b0f2f4dc6

SHA256
4fa4261e07ee703d7ed1de47a8b24731ca78ff904feb27388df038d29faa34d9

SHA512
be88c478e33fdd9a8f8b804d9cba769bb4e0bbbbff7662ac8c7227ab63ecd88eb75a4ddc0db808d928fae3748eda18e59a00386d6a9e04543ce29d7f7d396ef5

Download Submit
/data/data/app.EasyLogger/files/gaClientId

Filesize
36B

MD5
2362de64726501e51613b550c04b35f6

SHA1
5117461f768eaec13db906e617496a27719b2324

SHA256
48fd3ea28f65d55aa59d878efe607d97dfbe19fcdd033fcf7ff2deaecf438e4a

SHA512
7d39ba01d3fba905414bc791c1e62e2212b92bea19ff8db9e0b3b512d4bef94e149c5b235f3deffa2b3daae78c38d0c1dd110860421a35c633d545b9fb32b5c2

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
f0d76552a125e49af1c0ae4e801afbed

SHA1
e4370e1cc7c7eaa9da12521906b981def831dfd0

SHA256
e5b133516e2231a0319bb37f448e08a8beae1e4a2c78f72eb66654c2079f1b6e

SHA512
0e1e964ee232afc66db40818c4a3687169e0ece60ff34e8d4d79e70d67fef50e666ffb4ea5a46faae21decc1ce8ed0978dcba86e5764134abe4058f90a9d4536

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
0890772c17b574b228d93382f67b3cc7

SHA1
ea7e87701497745c0439301a73bdaf15f741f6b0

SHA256
4c4ee39a2b18bba5f0923dbac3dc6f173531d45e3d48873a56b874fd40ec0a77

SHA512
db91a21c970fd1871adde910daa282152014dbb53f3a1641dedbaffa38c83331f9fbed3c9a66a61df3b9a6bcb933a4aba6fe788574ead5eca74d6ceda581536f

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
b702addd20313d1400b0ac98c44c6f97

SHA1
0541c832513b499cff4b36a717fad3d005f197ae

SHA256
7eef660ba48f1e38c50593a3cca08a5c9867dde929ae7dfda002728ea0235593

SHA512
06eec059ce4f25ccc84a5051e80641fc088e59b0be32b4f13c9733a4d5dbeb0bbfdd875ad174f4d442544a68454443200cf7160e0f9741a8813883d5354d9c4d

Download Submit