Analysis
-
max time kernel
47s -
max time network
139s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system -
submitted
16-05-2024 01:59
Behavioral task
behavioral1
Sample
798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
-
Size
5.8MB
-
MD5
1398c9c6999be6f56f2364ec680f8557
-
SHA1
396c173b4c084afc3a2c89044ffa42a3f0e4dad4
-
SHA256
798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
-
SHA512
49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
-
SSDEEP
98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A
Malware Config
Signatures
-
EasyLogger
EasyLogger is an Android stalkerware.
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
ioc | Process
/system/app/Superuser.apk | app.EasyLogger
/system/xbin/su | app.EasyLogger -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information, which can indicate whether the system is an emulator.
description | ioc | Process
File opened for read | /proc/meminfo | app.EasyLogger -
Reads the content of the SMS messages. 1 TTPs 1 IoCs
description | ioc | Process
URI accessed for read | content://sms/ | app.EasyLogger -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | android.app.IActivityManager.registerReceiver | app.EasyLogger -
Acquires the wake lock 1 IoCs
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | app.EasyLogger -
Checks if the internet connection is available 1 TTPs 1 IoCs
description | ioc | Process
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | app.EasyLogger -
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Checks the presence of a debugger
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
1KB
MD5 91eacfab0c7446fed4ace060e70118d0
SHA1 61d444336950f1d1e67539b0756514425fdef2b4
SHA256 190f320ad3ad6f9ef9ab85e3f07207d3a15fbea78116b47e6e1c175af3a08669
SHA512 8856049f9ae6481401b73ff33ca55d6a5fc5c4907643d40d842b5aadbdf93c8790fe4d1d3d403d87f05e0afc54dcd20f99c38711c5a6f25426a48acb3778eeb9
-
Filesize
1KB
MD5 fd25b31140091cd6373e31523ad832df
SHA1 325994e9007e92dedcd504ca20a5f57d92cce87f
SHA256 b5637fb5673571eb5a82cacb0a7a5b98c764d6ba7e99c3d09bd37690e42ec9ce
SHA512 5a010cd2fb5aea47f566e7829cad0d0b71092e492872d60a069806a16cb4e6cc755a314fbb9ef104bf82d9544954b15c1e500284d64b2e010206697d7965021f
-
Filesize
76KB
MD5 247a9a1ab8a9d50b768aea16f443ee52
SHA1 1b8ef45ad7df4db30e70051835585e526f7fe488
SHA256 6c414fa302b351eb7df14144c5c36a7ddd181615cb540f012ff67005837c9796
SHA512 6285e17579d1253b10f20e00f40aa8432e58a0e7b0b080c7ed52eafabae8f339f250897164409d1bc6512359557545998042fe41fca2e7b4ead85ab26918663f
-
Filesize
512B
MD5 5bda1c4d4ae0e96ca0866a9d5ee1c4b6
SHA1 648eba8c05098b0d2606c41a0a6ae413543141a6
SHA256 928c58a0298fe09be20e9cc6c8533581f8df370fbd55729178984c4fed14479b
SHA512 21a1d672481878d267427de8c85422f9e89263ebe69586bb554f9f02483658cf4b18e5461c9368c3ae614feb6a39b40932ade8553a0a451455a2e95a01577691
-
Filesize
140KB
MD5 f040237a47bc2e5b729770ced77f0fa4
SHA1 3b9969ca5a6ebb4da2c046c97335dc70d68c1182
SHA256 c6c618a8d3e5d174d51a5d00eb2016bf60673d397101408ffad473f5cbf64bfc
SHA512 a969e185d6e88eda14515cec59bd1e47f96fb0ec54546175683ece4faa3187985266b2fbfd0b1277a0f388664f74d321b8f31ab3c5bea70f91ebddb99d2e43c8
-
Filesize
4KB
MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD5 4c0aeda7a026f61cceb23e23c5165cf0
SHA1 89962605190cc0d18ac99a2e23679318fe2f1fef
SHA256 77592fc578762a3225e85ef3a97466ef125b4de23c1ba35176fb01d2349c4cc8
SHA512 0f54c5557df2c3a81bac1b43b0e106b7c9fd3357df6865eee508700590e56a25594d32a2745c4fb50a09f173312fd2f2bd10621b9320f8114329b5d53a720ed3
-
Filesize
32KB
MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
52KB
MD5 43eceb180499edff7353adb65cde1e40
SHA1 2f00a85dcaf94fcbf7d37c3e350eb407b604ff5f
SHA256 27ffb90112f52982d3d5d45ac6604029036e770eb7ccd5a684d455cbfc324857
SHA512 920575060886de21027d75e1d6f71992b614d2b94d7f7d5aaaa6d6edc0238c0774869e926c7aa780d89393f80c27f9943a01e3066e785e87f61ebe432c113fa0
-
Filesize
512B
MD5 7148a3da2242262a9dee0d0e928a54f1
SHA1 bfb9c3bfbc2a296ba4766e6c9f95ed41630bfce4
SHA256 308925777eb03743707bd1f55ae2639c039095b0d9bc08f569c44283fa4a377a
SHA512 12b058fb6e23a9f5c08770dcab539b62cb559f25853dc587d40668859b5dc21e8b4532329bad29ba086450247d7eb8641fa31af7a718ff2999c80b513cacaae2
-
Filesize
68KB
MD5 265b4c086ad98630307c8c09f18c6c8e
SHA1 bcdb26a0bde3c5a0f0523b0239971241e04f0c9c
SHA256 2bfe547bfe0f968524b083872cff58cc4098dc015495283d757718fba3e7664f
SHA512 66b9d58b13abe5af70ee770b019fe6f6be3acba10e01096ede5f7f6395386009dc014563a33b3b5bf95b64729259461e2014aa7e83d972f2641daae6f9fab3f4
-
Filesize
16KB
MD5 7237409e0640cfab7bdbd429bf821a3b
SHA1 4c3da934842f8d4835dfe2a9c275a300e5123309
SHA256 5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa
SHA512 c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f
-
Filesize
16KB
MD5 c3dc6974bfd3cb90c3c2c798024c6d8d
SHA1 659eb389c9deac4388b454be99c0f4e6c8f84d03
SHA256 cfb59b1dc66509b185f708af83db9768775122d08c386039161107cd0f851cf6
SHA512 7cb85a8969fb402e8fb33993ee2c5061a44cd2e566d153bd40082919d293452209f8206b1c7a9b35011dba96f98e544a310faa13d8e2ae423000c727c64b2cfe
-
Filesize
16KB
MD5 4282c3cb14b96ba72c61fbb8ac681f3e
SHA1 32e2d12f54f3dfed7c9789728e58980a8c55c9cd
SHA256 48699cd7c9d2610ccd7fe41ac53b5af5da869def486cab8147a3962728af5f37
SHA512 e12749020a680d8f2d13721f332de18f7120a63213a6c551c8590231c55128c99dafb52101248e1ae4fe7f188050fd6cfb8abfc6df80e44952e5fa8242a55648
-
Filesize
16KB
MD5 3a530908f94e70e697346b757c9a2efd
SHA1 b4db886b980ad16f57dbc9a3f480f58a34311e29
SHA256 3900768942758cd40b85e582b440bc79899138db2ae7ca2b0401faae048bfe8e
SHA512 24e2e3e96c9ac81afbfe8c642c389e8a887ab59cb95292b7f3b89d9220d4e8ab5044e8fcbbfc82903bb83036c7a644ebe3346361d3cd2b6a4ae13807569f073e
-
Filesize
16KB
MD5 4f55134794bba33b7be9a7cf42ebbf60
SHA1 87d513693da12985ecbe26a24213504a02ba3c9b
SHA256 ab4cc2cc892d2db68bc7b29d955212dc000e851e2e88ce51339f33d0731a56f2
SHA512 13744918e84a6fcbed6d43d11be6a47ec1d454981801bb72468d120e208ab52e348130df87ac93a9be5acf27fb84e153e98ac6794398f41dc8b4b652860c70d7
-
Filesize
16KB
MD5 ade57a9892c105eb146676b760e41e1a
SHA1 4ae761adbe22de8b6979c1e3b6f9129ab8ff2c11
SHA256 273783621ede4e3a64953b0f7bf0d9fc8ea1d76a0d3d822f94f568a1d9a36eb6
SHA512 aeaf10d02cc568f8f5a09a713bbfd0ebe83d7fd2f66903bc8a64e75ff83d9e438fb937c2f76b5424e540b10f6260ca29477d8eb7370f35cb3ba74ddf7892d8fc
-
Filesize
512B
MD5 8a6ac4957b4247d2cfa2a7371d0dcd9c
SHA1 8addecbf9afe929f953d16c273395dd656f6d66b
SHA256 de75949ce535337054cc9beeb8941a269c308d72950ca7ad6989ccbe0ebf8d77
SHA512 9bd85589038061d81e0266d4b1cf31a8c0f0d1e0b2289ccd7bf0f453173fa66c5d64ed614ee7c944747837a50514000670c42103f76260a4df16658f522d8680
-
Filesize
36KB
MD5 d4b0f587ba87adbbaed74d03730ccc7f
SHA1 83eb9724ac539e6bf85c0ad72180954d0df5caa9
SHA256 1eb4f436b2c5cff8b95946620e233594f2021622a2731c0c4de8cf4e5be883b7
SHA512 28d7c9322ef4472c58dd153e75ba130402d57a0b1b47e5fe9311a88d2e5eca9c905f40266d0b4aa34275e3815af210fa9435b79631b6da103a208a4771c8e5f7
-
Filesize
4KB
MD5 f7f314033dadbac984094d2f52e46d4d
SHA1 72fecb0c5d2fcf9e399cb3ac73f5ee73ff7d7474
SHA256 4b69cf2ad34825935a3f038db4b2d324fbfec643e21d04da9f028228f2307542
SHA512 b8bef7601a6d412b4d8ec0d09093d02c94e521cefd2a108e91dc57a2b57171fc6785a8c9ebd7a3f5211a9632a64dcd006da3eabeecb7cb22fc08dc9dd227e74c
-
Filesize
4KB
MD5 6ac6a63b451fa63fcce5f906671419ba
SHA1 79011946de4d2b5b35efa01ac9054411b260cb8c
SHA256 31b8d38ff2717eba3a69f130c78d29e4fee23998149bac5c91baec1f95be9777
SHA512 97775f4e5fc55e310d2b757de527d138a7068f3da2acc604464138c9e2df32c11f532669cfe32dae71368f715bc2b05536a58b1237521fb50969dadfdcfd3566
-
Filesize
4KB
MD5 25910089d4d9116e0f073c8f5728009d
SHA1 7538db96f3b8b0b066bb371d958bcaabf7c71e66
SHA256 e89dc9f91cffccebceaea451139e423e3bef31b29f9e79dcc0cef531b6ee7b8f
SHA512 093b016946ce93d8e1df5efb8c995c6e2d41de4383d74025ca6999b85e88400351082dcedea9ab53eaf794e1eb75c78c7020b7238d4ce80c975bb17e60caa003
-
Filesize
4KB
MD5 3696c34f904269679aa140bdc2032955
SHA1 6ae35b622b97f0ce82224136075d32bedc995977
SHA256 af906ef88cbf2dd210a9ec2fc957ea007244cd80bb70699fe426f2de7c182313
SHA512 1b96cf923b4163ebc997d86d7c8f3cae17e9c3274b3abd2bab7014fa2176db1cce02db874562405ee327fea0e374036a0e7055c70fbe13f13fe54313ceea5443
-
Filesize
4KB
MD5 38ed55bad0bc9fd334c1c9b556035b33
SHA1 4b5eb2aba1f51543dd675fce5b6197ea0f32cd68
SHA256 84935688258b2b699552f9eb76268408ac9caf900a44f19d209b258e8d13998a
SHA512 2ccecde3b45b61e929154bec383c50ca4cede99f91fff329b90a8ad76b7cbf284509771bea5af562a1779c0fbd6211e36ac9d24d92aac401eb9a8847fa37952c
-
Filesize
710B
MD5 17a392c8a97bd651b18353640b0152cb
SHA1 0f42f9f73006ec9106b2422ff41c4031f9b34a98
SHA256 8768df908110a75ce43679244c04179783bb1e091b295c85b9644f15fbf90929
SHA512 f061736a404407ee8bf5b568f0becc9d0bb7ab3621aa02924bee497b144ad7cc3db65f88d208723868433213840d35770e92d7df0a6473b3f361bb87e24f1b27
-
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-664568A3038E000110B5A3D7EB16C827.temp
Filesize 438B
MD5 be97bcb67b503565a6b4f25fc31fd7a1
SHA1 7281d715237a4d2d952f2bbad1e4ab6b7d2c0565
SHA256 c188e4bfc3b62655a681eb7e0e770225316e19582224164aa9b0b4d90f4e6f18
SHA512 cce44b0822bdc3ec860c3f277f84d7b9e1177778c82c9402d06994e8140bf4da772920d8b993b1538fc20072e45b4342e8b357cdf23779b37bb69ed554bad92b
-
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-664568A3038E000110B5A3D7EB16C827.temp.tmp
Filesize 16B
MD5 c33583fae4e0b61cde1c5b9227963237
SHA1 fe2ebe4d27469af1460f7e852031a04208ef629b
SHA256 35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc
SHA512 fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e
-
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/664568A3038E000110B5A3D7EB16C827/report
Filesize 732B
MD5 251d79c8f305cc56ef60a4aa4a4ca82d
SHA1 8e88d9679f8fc3341a614406d167dad81b93021b
SHA256 b7f620fb3df741892f0134c16d74c42985c51d7521eda3d181753eadfcaa387a
SHA512 97cdc604e08acdf2e8a27638c4256d3ef96e0e4890817899823ef86e1eec5f15750cac9ffea1cec789780a68f90d4d2861cd90280040c895996ee207cc1c0af6
-
Filesize
563B
MD5 b51a937b2c9726d019e195d71d317ce7
SHA1 3d712dee575547919005aa7b00d20d2270a70e75
SHA256 a2d7a33909dc456d7c2f8d990eb18f9349d425536649175921fac59a49a00692
SHA512 6af864cf821dff875b45455570bd7cb23e8de9f188638fde953f60da4e07cc835e1d57c9d28d16e81f4a84dd23952296ad7cbe295cff9db476b36e3d0a722e79
-
Filesize
90B
MD5 5ce27950e48cf463d9f411f993e273b1
SHA1 03c5db0747dae9a95e126697c082444a480aacd1
SHA256 ba9e0c632bf5234a345190a46c5b2d66c3668de34ed5ff33c2ad6f25119512d6
SHA512 a7ac51d4d1dbf9774c79875645a2c727d503d8dfedd3f4d218c8940bd9361afb765f53f3ce4c949b70fca9c734213ed74e503a77b53140a06c34ed57df6af475
-
Filesize
36B
MD5 9fa8652325546395d2c356740dbfbeca
SHA1 d6dcd8c818e74e44f027e3aabd275d9b77cb842a
SHA256 f363c291fc40fdb0d4b4c99cffc178321ddfd0984fb5afe8b76694aadf44da61
SHA512 f8071814715e5102a61b3822a99674704a9c162fbb1ec72c794fbb7c85fb7d29f6f94ed1a295ffa28d73bf4cf4a51843044ab8fdf5209dc934e71539b9056944
-
Filesize
512B
MD5 4c7ed8683a0ee6aa2f7bcf7684731142
SHA1 b23bdb6a212e4bb26670d9a27b7bdf99682a6173
SHA256 d98d433b3e3677b42ca4fb30e50795405a58ed6e0f0a9c8278844ccd8431d0e5
SHA512 2fa23201b1684060cea1f0c0e3abe49ddc9f355bab25d75b0cba6ff4abc542d04f8d0ad08c9719b2922ff5921d7571f30d17c03d421ffd34049c8c917813b665
-
Filesize
16KB
MD5 52744062c28bacb8d3baa01c2403c880
SHA1 c9bfc8639b6d7c1162bf71e19ccf066bc005732a
SHA256 26649360655d8a376adb06cedcbfb59084056d675b4e496af60eb39eabe7c3e8
SHA512 25d16d3119c6b7318749d25e576157dd49370408a859ca0c4d6ebc2541c756c7bd94375ce943ab41a773004ee4f1eb51a931ff3c12e54f401ceda324096372e6
-
Filesize
108KB
MD5 fdfe8550b226c4ac70ff547dae1b5b76
SHA1 d8a28ca6cd08281839ecd8b64ea3090278eda8de
SHA256 0d2f0830e37f4281277c9b96ba4c8d2a001868ecf913ee5924e83d5bb3e5f255
SHA512 e9dc02ac4bb1c238c86713711fae5ba85fc10748a6e74a89393586bae5e5dfda573da4458c957efd42ee9891d41b0761eb969676b9c90b8588337b421bedfa6b