Analysis
-
max time kernel
48s -
max time network
140s -
platform
android_x86 -
resource
android-x86-arm-20240514-en -
resource tags
android, arch:arm, arch:x86, image:android-x86-arm-20240514-en, locale:en-us, os:android-9-x86, system -
submitted
19-05-2024 02:03
Behavioral task
behavioral1
Sample
798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Resource
android-x64-arm64-20240514-en
General
-
Target
798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
-
Size
5.8MB
-
MD5
1398c9c6999be6f56f2364ec680f8557
-
SHA1
396c173b4c084afc3a2c89044ffa42a3f0e4dad4
-
SHA256
798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
-
SHA512
49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
-
SSDEEP
98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A
Malware Config
Signatures
-
EasyLogger
EasyLogger is an Android stalkerware.
-
Checks if the Android device is rooted. 1 TTPs 2 IoCs
ioc: /system/app/Superuser.apk, Process: app.EasyLogger
ioc: /system/xbin/su, Process: app.EasyLogger
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Checks memory information 2 TTPs 1 IoCs
Checks memory information which indicate if the system is an emulator.
description: File opened for read, ioc: /proc/meminfo, Process: app.EasyLogger
-
Reads the content of the SMS messages. 1 TTPs 1 IoCs
description: URI accessed for read, ioc: content://sms/, Process: app.EasyLogger
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description: Framework service call, ioc: android.app.IActivityManager.registerReceiver, Process: app.EasyLogger
-
Acquires the wake lock 1 IoCs
description: Framework service call, ioc: android.os.IPowerManager.acquireWakeLock, Process: app.EasyLogger
-
Checks if the internet connection is available 1 TTPs 1 IoCs
description: Framework service call, ioc: android.net.IConnectivityManager.getActiveNetworkInfo, Process: app.EasyLogger
-
Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
-
Checks the presence of a debugger
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
-
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-66495DEE0224000110CA3F747032009A.temp
Filesize
443B
-
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-66495DEE0224000110CA3F747032009A.temp.tmp
Filesize
16B
-
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/66495DEE0224000110CA3F747032009A/report
Filesize
732B