easylogger | 798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae

Analysis

max time kernel
48s
max time network
133s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
15/05/2024, 02:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Size

5.8MB
MD5

1398c9c6999be6f56f2364ec680f8557
SHA1

396c173b4c084afc3a2c89044ffa42a3f0e4dad4
SHA256

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
SHA512

49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
SSDEEP

98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A

Score

10^/10

easylogger banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

EasyLogger
EasyLogger is an Android stalkerware.
trojan infostealer spyware easylogger
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	app.EasyLogger

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	app.EasyLogger

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	app.EasyLogger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.EasyLogger

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.EasyLogger

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

app.EasyLogger
1⤵
- Checks memory information
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4282

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
cd6149cf15797002b32596f607fab920

SHA1
fbf5cd2f708c4f4946a2a13653000120a0921057

SHA256
2497a5e34581d3818b16cfe935fea7673d2da01e6c67aa5e9e11e48b0908a4c2

SHA512
c2d26bb1c87aafe22cc35f0321b45b9a67bab47c46d4e0aabb5422609c62a61f42ae833e64fe5d6bc48eace0a5b2a7373971104fc30f8c2de7f5915cc263a699

Download Submit
/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
486162f210533f38b70cfb38206f8c4a

SHA1
3f71ddc637d9743940ebe96bab8bf488f52f23ce

SHA256
836eaea95692d9c65c2117cfee10efd92e8fb528f16b3d193520bd93c9180b9d

SHA512
8c43f0a7e7b6a4208c8f8aecc12e4f97082ec2d28e3ec757b2f2f122785a3a9ddd31ff4aa47e0c314564d432d7f6a2017a9eaa306e016acdbb98e0f530e9904f

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db

Filesize
76KB

MD5
247a9a1ab8a9d50b768aea16f443ee52

SHA1
1b8ef45ad7df4db30e70051835585e526f7fe488

SHA256
6c414fa302b351eb7df14144c5c36a7ddd181615cb540f012ff67005837c9796

SHA512
6285e17579d1253b10f20e00f40aa8432e58a0e7b0b080c7ed52eafabae8f339f250897164409d1bc6512359557545998042fe41fca2e7b4ead85ab26918663f

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-journal

Filesize
512B

MD5
dd006ba60e189636fe55a1b9269ba091

SHA1
2f4e632133938e3f7cd5116d9f1155d57eea5801

SHA256
f77c3c2f5f88cf92bb9d060e031a0e1a6d249e8cfcbd7eaedf66241c0261eb4a

SHA512
06d69051fcb9e1917c84ded1481600169db4f023fff3fe647baa43c1757c7110cc3638fc027539679a14cef3f176cbece93dbc612d6446ba6f95e0fac7b7e85d

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-wal

Filesize
140KB

MD5
b95fffce3e4ca192ed470e62ad53e8bc

SHA1
86c1135691379b7fde354826a2f4d492f3937845

SHA256
d84ab21dec7912a9501299ae1205c98deaba089940bf06a95c9bc5bbd39a0dd5

SHA512
5d03e818adb4bdfa68f1671eaf5a1507a7b808cddc465d9cb4574c93f3082f315920b1a25a5d59172fb00b3df836a0a03dae94168deb243d98b4682b61fe6d24

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
27f4b8b314188862993c4d514770b098

SHA1
44cd38b9d9c11ec5a55538f4b360e44ae25cae75

SHA256
9b99678ca57190c2f9b862bcecb66c9ac6303fd1ff6cda7ab0e9a2005ebe187d

SHA512
a1f0158ef1cd99ea0108f0c0768ee8772fa80c5f7d28529a4d486b995fdc396cde73b47e556055238c27c3b300e3638244ab097ac0655e60cd272d2dc5e790bd

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
4991519343ab2347cc6be10c3e8e0610

SHA1
3773c184a46939ce53f36eafd6919a88caf1aa5a

SHA256
42e0dfb3246d5d2d08e7986f13db0ae924d92fa44437c69f5c0be73f33f76591

SHA512
c098e00b5206cfd728fea5dc1ee7e13a78340389e029461b3e90e2c920c00d206ed1aa641576270e241255c7392a4d9356781ae5b4f46a20cb26c4839e1959d9

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
1043304429904f009e68cb8f21de5021

SHA1
e9cdeb56ecf2a4d711c61e6f23e1046d3d3f1505

SHA256
873422ff2d464f46e498879f19d9fb7cd248a0a6e1090244b115f39477c67ca0

SHA512
83f7f8a6bda04697613af3bfe6831773ac4ac68533ff120ce6e67eb7987a733b87de134466e2dda037b8c629fddfa9bb1956ed59e993f348746b5b87ab564fc1

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-wal

Filesize
68KB

MD5
5eb639cd68e5cb57f2e3645d244c2650

SHA1
0883aabe50264a48f28647072efb36eebf9a23c5

SHA256
2fdce6f857ecde9b898f141898b8eb2b877846a3d6a13f5ed4e4126d39729093

SHA512
20d85fb6bf912d9e82d337c52bb50b49292a7d1452d277a22404b2540f35f5898e2b661861e17f36c075dad39752b6d3c0b405594623e2bdc27cb423bbbdbbee

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d24fecf052ad91167d8da75d8666a791

SHA1
0fe324893cba7e021f4898906b53d57d998e99a2

SHA256
6957f1a123b5acaedca699c91ff83e06871d37bacdada2cb558e84a8d917f1fd

SHA512
40f5c9a8b17e8ee423a3047000fb5d152a51f0e0d328a2b623856a101a14ea909bce0e5ac3b9bb42048395d18003f1895a0e779f9ddc300359f074da0028c7cc

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
0637da6a769e9ec3016e45c0d250309a

SHA1
56c8f1b0c9437ae67898b8512934f8dc058fa8b7

SHA256
f018352bca58ec4a3efee1ed9cbea221fe4af7c0bd25d2dc4a03ea86b26240c3

SHA512
ba31507c1a2b5f54cbf86bf859ce1e3495fc450f32a36f87506d49e46ad4c8ede7e48979016ac934056b9541a05d3671f53c8c6456824dbdc4793d48117ee449

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
a0c97a5c3e4b6f0379ec991a4fe44aab

SHA1
ccc037982de39e46ce99bcde1bbcbd657e2ce90e

SHA256
c0723e7b1988cbc1d498ffcb0dab60608844504d4eaab4fa58351e33e77e1f22

SHA512
4727ca4036dc34726c819884fbe540076fdc2442de338352f74c9147fca96676f58bc5f1f0b157189b805f09243181dacd16cd660877bc1aa1e40451bcadfb29

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7e1520ed2873ff9b2c9cc2697b4b7f2d

SHA1
8244c76593408dca77e9d80e2603bef7728cfd24

SHA256
2a3d4b1ded179005934b8f1dca82507cc1a5addc34b081b8a74edad49962d5b5

SHA512
9a00eba80e68e2ec92dc757e5dc1ed411d5134b2a587aa303e0f908d024893941fa1b3ea1fb434f1c761048a28b0e253a7daed338a1214c9198f3786f3199068

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
ade57a9892c105eb146676b760e41e1a

SHA1
4ae761adbe22de8b6979c1e3b6f9129ab8ff2c11

SHA256
273783621ede4e3a64953b0f7bf0d9fc8ea1d76a0d3d822f94f568a1d9a36eb6

SHA512
aeaf10d02cc568f8f5a09a713bbfd0ebe83d7fd2f66903bc8a64e75ff83d9e438fb937c2f76b5424e540b10f6260ca29477d8eb7370f35cb3ba74ddf7892d8fc

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
ff97a2ef94e65039a609ebaa88e384fb

SHA1
0d4942e2a801bd88ebecddcbd629426e4e2f45fc

SHA256
de416f0c379a85c0edbf66d77cc1633d73588f05055cc60458b52ba083a7981c

SHA512
9d4238077503dc9048c3a1023ad71f986b1062f6d3b678660390128cbd52ebb37b6f2e4b0b6c0222fd588048b1f30b78f1e4a7eab82380dd8f64f8864b2aa6fc

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
0f0ade45d9e2544344cf9d1b86ae3bea

SHA1
0df025788329385239ebbe3130bfbc5f7cde8302

SHA256
62892d29bc30eea4a34974bd0774bf98d2a84e796447362281250b8063134025

SHA512
3ef9dcf1306bf14721fabb0c6d464d2a90578b6d22083eaf7e2f0046b2e26cdd49540c4d124bfe97cc5bd23fd29f608770bc797c5205ad949b3bb92cd01c9a87

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
c3a10728337e52d8aa927e681ed94705

SHA1
07ac47e62a7eed184fa18ae68cad9648a6045a3e

SHA256
6eab028c1facfc48cba5022777e398ea3d6ed552a7ebfb6acd83ce5a7fbcf3ee

SHA512
ff090e84cf73a1244ac3f5fe1f00908d8a7d749d0e626062afbb8b97f4ebca8551eb950406b103ecbe7b6e416f87575e20bfbe35b9aa73df3009521661acde5d

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
181df89c3dc5c5339bec175981a91e47

SHA1
7c4e3d97e81caeccba67a9930feb30fb96ca01ca

SHA256
9ec31508f9a223822f7a5a2904b6c044aa37756c8d9a2eff1257e6fb191a9374

SHA512
097f40a5803ac4e8d05b1ddaceedff082f87db97a0f073fbdc78fa8c51382dc48457dac3b783780e239823fa83927d60be262ed05934cb2018910102c668f522

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
e44dc9502cb3f7acb32f7792178ac134

SHA1
dcb2af076ae144786879de552b8732d752b574c3

SHA256
e8448207a176af2c64ca1dbfbfb6171d535307121cf2ab5ee40032f35faa64bc

SHA512
82d1388ea91f7f5c2702ecaaff352cc85bb7f5fec4b72b2dea9d31622ca9e58937419b74a348fc8bbbe9c635b5cd4503317cacc56cc0a654df2c6c7b9c5fc0a5

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
4a906ed909ae39b95350e8fd8f82f1fd

SHA1
5d14832e2dcbe2bf8aaf816d710a560b6c2a9146

SHA256
ac477e1ca6a243b828e45e6b00e4ce96bfb4f0d4f9cc21154b280edee3b1e43a

SHA512
bcdad159e33a756b17fb1b3417300910f4774a15c76d371f413ecd5de888aca044a7be5edb2cd9284c9d46e35c41e52b9ab1f6099634344a1bd9b52c678c2ecf

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
9b6d5fe7b7849196f6478ee5530ff0c8

SHA1
a6d90d500c10c07e41c74550e40d53c6330e68ff

SHA256
6922a0e5afbc2c0fc8add7fb5a5502e64c0d2ac480c0cb54e9c6f26bf5eb8ae8

SHA512
b51a11eeaeb5446c11a840d848ad299f4653d9de6acff71f91a1c8b088133b97481f8fbd290b5521df02b93c89548cb0c8179de0044914b5941d4531b02b5313

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
710B

MD5
ada36bebed2bc742859e94a75916cc92

SHA1
4924ff5e12845bc41513a5d389836f3caad3a499

SHA256
0735cc89bc1100360f50f30452958b5d82c366a37dfda05fdf14bcf9d40a53c5

SHA512
d7a3c32d4f61359b772ace24b9c7c5048c88d7d1780e36555772a9887b25c7956edd82b01ad7d86f6972a5d405f4cdadb88f3bf6a8b4683a5cb12eb3fc1b636d

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-664419600295000110BAA56D2C921016.temp

Filesize
438B

MD5
b4fc7c682c09457266e89115cb135ced

SHA1
b7af18299cdb5c182be3042d53758ff394c24b7f

SHA256
67eebd373e407358f80b787977cd117e1493c69639379b151835896efb3b78c7

SHA512
03b1b973207982958e257c747677e430a0ea3c7cf65950d36670c9444734dde881045c35263ad1859eff5898895d8e07370acfe228da3e18b150a2ef0abb4e66

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-664419600295000110BAA56D2C921016.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/664419600295000110BAA56D2C921016/report

Filesize
732B

MD5
ec728fceea149b3acf9d840db6105987

SHA1
c453464859397c45558f879e2a47105e7390ebad

SHA256
7e92a7f85cb0e513702801e7baf694b1d5552c07920ed9ea3290ee2c78ac22bf

SHA512
b7e4f4718ca93c50d0dd7a3bd8cdfc56119b89a7a7f78f01f27499c88b254957878f72cacf94d8edbd19bde021a3164716aa5be287517507a8cfd09c33d7311b

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation3455112336225252416tmp

Filesize
564B

MD5
45554e81498f8714f92b1bcf3ff081dd

SHA1
ffbf91fcddf72e5df4548a901357d93a0f636183

SHA256
baeb296090f25cd6f0f50ee5b5751214255cf9a301b2f25f2f93e42d5aae4af0

SHA512
949151c5c261fc28d5a3f8a57f0c8174cc05acc2f385fa2559504922189539d4e200267b8dfd30dce16d427b6c6331a2a0b14e61db589e323f8529aaff6d4e45

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation5047649414962368678tmp

Filesize
90B

MD5
009fcffeb89ce1436b96ae55360a6749

SHA1
20d6ff552291f0de7982e385a59deb7c3d767b03

SHA256
61422978ecb0d1640bdfe512c06a333da9dde93737713d751e302168f5a5b0fd

SHA512
788f77273749f87d8e811fe9ed681a7137212b86e159872a56825d6026bb0cd3bc98dee619d23d7b96bd24649c37deb8838c16285b66e4cb5f0470963185fc93

Download Submit
/data/data/app.EasyLogger/files/gaClientId

Filesize
36B

MD5
982a0417203ab358893a28ffd1cbbb32

SHA1
2101f4fbec1d741fd3099890f4503bc535ebe9b7

SHA256
6778f056ff57ffd9112fc40fa49974a76e77f7e580ac5ec360a7bab99ce83b00

SHA512
23c635b15d5e4447a25949715b16f9be1be5bb0942f44d82693a98733974bfbcf26f117459336ad683785ab43286a9ef0899c23c0419d77124e1e069ec18b626

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
0f0d534ee273106f80652a9bf555602a

SHA1
8ebc1ff30767d1ae839858c7774898abd774dd19

SHA256
3347f5e155d361a00e531a2b4169da4b47a53766feb7028e03f02232af53b584

SHA512
12bf7637e8bc6771ba8628227ca0e983a18c5a12dc7bbde6358594b2a5d69739d5cb665a4daada7d5fc7269cf3d9d3a38db5693fc3b614fafd4aae974f1348ed

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
d1864ef83a5e196ab9ba7be571bf5983

SHA1
209232667b92d5eeb54ac16c9a2e688516004c47

SHA256
900e50599209f578928b4802f712a6cc326515ffa1369a13cacae637dac46646

SHA512
2d104d3504ba2f47765e6f32a9a0a967d9b65ab2959cb8da84b901b7848c99ad063ef7f27a4ee38df90ce0d4da99597c593fe357a7f8b69205d2e400932815dc

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
19262e12a1df74c197fbdac560874d32

SHA1
a953d41fafbc6ff6bdefa6885717887d04fa7b94

SHA256
49110a8eaee4996080ccb55a547a639dee88bbcbd13fb893601a3da8062215a8

SHA512
e1c53a8f2162b7cfe3e863ef7b9fbd4eee34a5f9d770de58c9f72ea9123435648cd438308fb620a37ad802f1b2a82a0303e6ffc7275730bb0a7d061bc62af179

Download Submit