easylogger | 798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae

Analysis

max time kernel
47s
max time network
149s
platform
android_x86
resource
android-x86-arm-20240506-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240506-enlocale:en-usos:android-9-x86system
submitted
14-05-2024 02:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Size

5.8MB
MD5

1398c9c6999be6f56f2364ec680f8557
SHA1

396c173b4c084afc3a2c89044ffa42a3f0e4dad4
SHA256

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
SHA512

49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
SSDEEP

98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A

Score

10^/10

easylogger banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

EasyLogger
EasyLogger is an Android stalkerware.
trojan infostealer spyware easylogger
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	app.EasyLogger

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	app.EasyLogger

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	app.EasyLogger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.EasyLogger

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.EasyLogger

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

app.EasyLogger
1⤵
- Checks memory information
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4249

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
f6c6ac9fd9309f040f350b1977ac4daa

SHA1
0ca1428acff138bbdd78fcdbe76db32d3aef863d

SHA256
5291010e7e605bd2bf058fdf60b0f54f677bdcc4b820dc9ef894455f484db0ed

SHA512
ac13d407e797aa721d1a86b9ced26d19bc9777b1ab0338ff90b62b3eba5e2f748c560514c1fe129e23c94ea86b20713607104e18b99736481368fec058495e61

Download Submit
/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
2df24fb699a38f175d1ed332320bc834

SHA1
8c6fea804eb1efcefdbc78041797acfac955f78b

SHA256
77bd68c6b69e0322b01a438eecf19d0cc826e77a228fa47ef112a35e2a8360c0

SHA512
ce061dec1b997af3030c50a7deebd34be02c81bda8a3e09f66d01765e49f1e4457462db781512b2925592ee8c424137b42bb482b9cb7ec911f9e14613b98a5e6

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db

Filesize
76KB

MD5
247a9a1ab8a9d50b768aea16f443ee52

SHA1
1b8ef45ad7df4db30e70051835585e526f7fe488

SHA256
6c414fa302b351eb7df14144c5c36a7ddd181615cb540f012ff67005837c9796

SHA512
6285e17579d1253b10f20e00f40aa8432e58a0e7b0b080c7ed52eafabae8f339f250897164409d1bc6512359557545998042fe41fca2e7b4ead85ab26918663f

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-journal

Filesize
512B

MD5
c65e95d19462a80ed26a2d6d78d4edfe

SHA1
2c1b9395fdd5d8d22c52db3a9d7dbc7d78e63245

SHA256
49ace3665ba9608402d22dc91a9f8cc58453ffb29ec49ae61a98e967c60e3ab7

SHA512
5842363b6ab0ff4548b9c523d741faed645feed38b5ea4a8275c1fa369eaf9e73ca20210458ba231a588b5c7f16b9b3b053ecc71f043fd27f5e29cb3e3590e07

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-wal

Filesize
140KB

MD5
e05b9466c7037fc68daf29f003b1bcbb

SHA1
7c3ce14a0bc57e9d1435c10c404c7238b368ef8f

SHA256
73b6fcd91c1585606e1692dea63304df1aa285970ad4f58b1dd998220d07ea92

SHA512
ef36eecc390f0f0f5ebf0c5d8d97b5c23037e157ff440ba98efd36a3f1da5afed79e0cfdf280809141d7319722fe71c13409874eaa049917883995bae1ca9ecd

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
c038994ff2ef448799feef7a37342f7a

SHA1
f1c6d8099f2d0cbb30d0407d0df71aa22ea79a8d

SHA256
0a518844990beb323f47519dac694e81ea3dcd5f8a9102cb7907aa8b0c5a8684

SHA512
c8e6c8e21d6cc8057fef10c9005c69b6a132eea83d9a48195fd717ed0d58b76f73fe5b6f9cc888d2f5a9dce8f70d0c4d96ed27abb74787f77c47e0f00b460b59

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
643612a5d602adea7e7717c1750c8a29

SHA1
8fa030cdc3f8e8dd9825d301100ef715f26565a5

SHA256
8665b5e6e69b3ca277629d10e949f5f98c3b7222de5d9dc49e58b93da8ff0aeb

SHA512
c86fb3b2e3ac1b4eb4e83241a88de92f9fe566cde1a1c87f57fdf60537d7d0135c76e1d337011e6d0f98c8d9889fdacf1536f4e06e5685eeab86b60108b4d00a

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
52e8ad707bdb923c1fa0a9d1d8f974dc

SHA1
26675767199933567356dc217d8c6e238745f75a

SHA256
58f9438a2f9f0dc815d7ba47103a3090f160a286472cba918bf83deadd1db9e9

SHA512
1f022f26e83432926972a479ec2344e8f21eb6ca5a5c2e43a180c3fd9c9e5e1c750d7c56d9c13f2911ad7234c12c0e6c4e043c27eca6a42915a2da298f018099

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-wal

Filesize
68KB

MD5
c01543bd78294c59d2a0f4d5b2a8a52a

SHA1
d163f93866710de01d29ff2a4d9650148b622e2f

SHA256
ba668872817464c7580739cdaee2ab25926a75d4d791123a0a392410250d1faa

SHA512
4c015c7501fea3a906521d12857b76060c70940355f9670de06f5b03501a4fb527b1e56fb847cabfefaaa5ceae9c3f94e2f386c6b4d2b0ae6b62172fcfc947ca

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7bba2f43424b528f3c6d468eaffbd5e1

SHA1
9989109001caa308c59482e6cdd0380cedf5cb1f

SHA256
a482686ad894e73cd8345575479f03b51fc404eae8876df094013460fd881ca1

SHA512
b1254b36b4d826171a3eaeeccbf4e93b3bd23ad59ea586f59114ff721b3f93b8272cf5ef0e976b993a2f4000e2e27e9b399dbe70f46a717e5edf0269ba8946c6

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7adc558c376bdfc74f4d4a62780c17ba

SHA1
adbd300ba30b3123e2689d7e738ec05f5a6e8351

SHA256
4413e968a5e0944aaf873860cb665f613371c0f73873350e69631b42723749d6

SHA512
eb13b677ac0c3125535abf3ab967f9901f5b7cea3369750c589acc61dcf9341a31ca3576059978ba1808fe3c59aa73e57e399e7ab9475b043b8572f73d038175

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a1d20ad7509c937698518b1ed7cd4ef0

SHA1
2286791a9281ff2eafe6cbef73aff7c18d62ad20

SHA256
3663c4f75a9ee7abd3d14c2779cb4fa185bd6eaca02dc185033f602bc29047c8

SHA512
64c0cb9719db3301645c94e2122c6348e3af4aa3d92d6b866bbbe835d5826375bfa3223b850b09eab3b0f622729e229ae3fc9c07ea801669a51773b43fcf8582

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
9afe1ba2a78f93c9385b798b55a6865c

SHA1
985fc9e601c3b3c11e2e5a50e65bde192254f180

SHA256
753833b03cc250d7b9df6f3371ccf87da9d8ddce9535e1d45574a37dd4e907a8

SHA512
330860cdf226b1129885243f298f82d9514980cf8c57daf8bf719c6509ba100b1d658092c3b04c29b5793513980abcf3b00d7e485698969f900ff8489d3b2e67

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ade57a9892c105eb146676b760e41e1a

SHA1
4ae761adbe22de8b6979c1e3b6f9129ab8ff2c11

SHA256
273783621ede4e3a64953b0f7bf0d9fc8ea1d76a0d3d822f94f568a1d9a36eb6

SHA512
aeaf10d02cc568f8f5a09a713bbfd0ebe83d7fd2f66903bc8a64e75ff83d9e438fb937c2f76b5424e540b10f6260ca29477d8eb7370f35cb3ba74ddf7892d8fc

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
5047f47f34dd141873f69a998ba67518

SHA1
778e90a0584b4fee6e5bf9792610cca23cd77604

SHA256
cad13ccc11d701d05644b3a1934569feb88add5c236d235e924c0d4027cf6c10

SHA512
0877536c4d6c9ef1fb0319af7ecd3cb305ce03a57cf2f0f31f758952e7c42b280744ff3ef77237a2e0364ea6f41a1a8f11e5c0755233ce5fd8c607354c9d9390

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
a7116051d2eb51709e3d3efa8648fb6a

SHA1
129533017ed8e632351801688eecd5c0a0a31456

SHA256
42f929ff3d6244cc5a700643ae3a091815bc69b735cedf58f3f515b1fe8c1482

SHA512
f1d3436375fb038693f677dbea0aa185d2a117b277274a9b104b81af75f74e036dbd235d18e385b1965c6f7240c1eebc7932646043b949c823bd2d9e090fb0da

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
5b3f5fb50ec34bdb714b8f9940014f21

SHA1
2237e1505567b595858e1b2cf192f83c0677f906

SHA256
1ff825abf40067a22e20932391e7b44b774f0fddfbdf6477d748e6803e1064f7

SHA512
f1ff5cd13e8d74641210c73b6982c64f78852256a939cc2e2b60db57fd5532093557571fb96fbaa5d2a942a2c38cc76feace633893052290315915531ff00f68

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
f7ad3861017bc658edb965b72f7bab4f

SHA1
8d3dcf3d3d3a80c088fe8f6dd1b273f583e53b17

SHA256
811fe708b9121a6d4286482eea0912a100247e3910e587e2d2ebdbe41db09053

SHA512
a83a7fedda057a6194dbce2778a1cc270426e2c9ccb12bd52119859a1f9139731bd89ba2d220f8b871fddd89c6c1cd627089bf6a5b438564182c89445cc2b2ce

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
1345a421570b18071a62a52a9cb6267b

SHA1
e2d93822b01657deb0e2c0af65b6609613dd9be0

SHA256
3aba168a7b6ee4168486fe3acf55e462fc686c7bc8f2241c34a78e9a6d4ad6b6

SHA512
33c783c9d93604048c25fb0136ac81e32e1b346581f41f652a03ecbbe6f15f76e20d78c0dc7473b597636b82768cc4ab0c55df45b02d358b2b539d5c0d6edc38

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
3e05ecea6d18aff4b7556aa9c4c7212f

SHA1
9c086df62643e6bf6b38e76b5e4f6eb7dbe8143d

SHA256
1a16fb712f840408b23aeff5e5d4e60f78fc6b0eb7e53be66bbb25ab1f924852

SHA512
63d39bde2f74ec5c5e292c75f55f69bf58fe869c417de50bb5bf1a5d9c05eddae308b64b9215da60e4e7b75600e65d3794728c6b62772087ca182c910dab28cc

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
29cee2724cdd09791b253504f99c4a91

SHA1
1308f8c98fc1faf82136b761790ace14bf972413

SHA256
0a99e33aadb7c9e37caf4375ee991686ef4b498fabd7062726f87e4972f45c1d

SHA512
632d6196f2bd11f12162ad9728092276752caa96e4b568ca170fc9f9b3b2e1cfeaa73c13bd05cb7dd1904d009e03094ce9b3880fd9516e34cdca0567e93cabe7

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
710B

MD5
4d36f78b936aa8ee2be12a6ee457bf12

SHA1
97c45b08c1ecb96fef2520ce06ff45efbe05b28a

SHA256
76116461c2470c02e71323770c35fcd0fd75f91c69418b239cee6f3d16bbe049

SHA512
ce19eb618b285003f7e28721a99706f554db22b86439af022661a000a6b26cd67b03a887af6025b2c7fd842785f32235ada4be0d1227cc0f6b9993bd306492be

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-6642C814014A000110996C4953DBE11D.temp

Filesize
443B

MD5
37df11663059aa246ebaaedff338a3ed

SHA1
5e50d149c5080d19a2870a7e84611a79838b8943

SHA256
a8e3c8d09453f712c8c4fe2bdfa8293a254320aa109ba1d8ace055ebe007a287

SHA512
d75064b1317803b68678d8ae18d9899074c873a8c713e9be6b52ba0e6a784f1a92edf14ef702453a56a6ccb4a1ed8df87dd179d04d7eaa0205bc97bdf74f250b

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-6642C814014A000110996C4953DBE11D.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/6642C814014A000110996C4953DBE11D/report

Filesize
732B

MD5
a62aab6423b7c3da553cc78ac14c7b34

SHA1
5f1c6007c2c84c58395938568c3044a92dcfd21b

SHA256
fad46cb55ac174b2855f6f6ffa753b59c33e9ea8718c817a5709b14bc53af822

SHA512
8588bd748ffd37ab297c18ee5cfe222b64bcc45db7a863ceb4a3643621e54cccf2c2bbae6b5f5149dca9eb3d2b37a65eb072ce95cbab4cde7370583c0e7fd495

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation1477079565863349963tmp

Filesize
562B

MD5
9d002c58f514b4febc3dee8383f2aa99

SHA1
e2df732d09ef1230f087e50efe2ed64ed62f3f48

SHA256
959be4d3fc3da850780b619770e36c384d2a67ba90fe0e37e4e134615219373e

SHA512
f10f6af54549072575291c09d1ce0a0d0c758ece83670f9c71ff10a37bb330166bd45a760acb3f87831275479733ae94a89b982d7749047ab41874d1ccdc98f3

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation1968064613314595693tmp

Filesize
90B

MD5
bca089070c02c73600a223aa722be01d

SHA1
f7e082cc0226f1f165ed833fdb01c7d3a3a3e6f4

SHA256
28fede1a3741213ae758f738e17070dc1ecb2ac2608213b0c929346d20e6399f

SHA512
124a610700ee0f4ff722472fecef4751dd317eeba05e4c4ecadcd5ecddb43fa6a0fb05cda045a441d9ad1301fc5c90296312c402d5c5455dcbb2f9977890ee01

Download Submit
/data/data/app.EasyLogger/files/gaClientId

Filesize
36B

MD5
7eca28bc26b7f670e9d23f76af245c15

SHA1
fd218feb4505523e122733865616db0705d7b1f7

SHA256
f2a8bdeecb6fd087dc41652d919a80047db76bfdd75f98d853d3dc7d208b4b44

SHA512
e5499385bd0ebc7315cf61839a474449dd62de29d88914782632ce4ed1b7f3a0a3be33e54a900f5e1301ccbcb77ed397abd7635f6f2f61ac133f56ad7a065dcd

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
3e736cc42a9cddc0a76686b53e64e71b

SHA1
061e3f7210ea16c375c17b606a08934518a78128

SHA256
b365c46ab923e77da068fee726b41c318028c882df4ac984cc82512b1f4f1ea4

SHA512
9be350cbcf5e5b884532e115de69009bfb64034a2ced272c9a7116a83752ee44813afd421919f224f4090ffe1cb9656896d1a9865cf89a4e87e9d6f5e4805008

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
8b1ad1733c410b105392dcf3d80e94f9

SHA1
00994da164b11d8f636a52d918204ae4c11445fa

SHA256
315aef6659cf1e9c17b266be98f9c8fabfedcb2eb9750ae91e24596baa8edfeb

SHA512
7671957b8e6fe443345029a4c86022a546ad9a213708e9c20a4e5b3c4367862b58ec1873bd82af8295e97a35df1f7059cabbcaa848e5a29b29a2c9414f75b381

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
d235e908984cdfbe605e83564f57ac4c

SHA1
4c9741fcce3782685ed17803aad4e075a2ecc989

SHA256
81b4253fc558bd10f15589602759f37437153be2fb5847b313bc276fcd031cd0

SHA512
658468d30dbac9ac8da6259ffe4bdb34ef7555da56bf115ccdd17df290b15b701f3408063e33cfbbe96192078e9ed6f5354665d4c38bcced9bd29c5835bbf7ab

Download Submit