easylogger | 798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae

Analysis

max time kernel
48s
max time network
142s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
21-05-2024 02:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae.apk
Size

5.8MB
MD5

1398c9c6999be6f56f2364ec680f8557
SHA1

396c173b4c084afc3a2c89044ffa42a3f0e4dad4
SHA256

798fafd34288fe8439dfd609d2599f234c6cf63b047f032d872d228f951c87ae
SHA512

49ae3724b60f40ac3646a44164fd6879480d895e1096825f484d63d286b5c5b8f2557bdf752f746651504bd038bf9e93dfe7400977e2bd6ba24576843b3393dc
SSDEEP

98304:BUlRb+MDHwasxU19o7SDWNYbM2Wlghs4DqHvSse0EpO9X0xUCd7Mmp3/U5uaMA:CKhdU1xWlQDuSsGA9X097MaPUo/A

Score

10^/10

easylogger banker collection discovery evasion infostealer persistence spyware trojan

Malware Config

Signatures

EasyLogger
EasyLogger is an Android stalkerware.
trojan infostealer spyware easylogger

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/xbin/su	app.EasyLogger
/system/app/Superuser.apk	app.EasyLogger

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks memory information 2 TTPs 1 IoCs

Checks memory information which indicate if the system is an emulator.

evasion discovery

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	app.EasyLogger

Reads the content of the SMS messages. 1 TTPs 1 IoCs

collection

SMS Messages

T1636.004

description	ioc	Process
URI accessed for read	content://sms/	app.EasyLogger

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	app.EasyLogger

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	app.EasyLogger

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	app.EasyLogger

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Checks the presence of a debugger
evasion

app.EasyLogger
1⤵
- Checks if the Android device is rooted.
- Checks memory information
- Reads the content of the SMS messages.
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Acquires the wake lock
- Checks if the internet connection is available
PID:4273

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

SMS Messages

T1636.004

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
a155b81919f7fe7402a3fd1858d49c8f

SHA1
5a602c8cb32dfdf4aa4e52946b98eaeb1d6fbc36

SHA256
66fc5cddd05c34e686ecb06611734511e078f96f3b994eb67a36a288afa3270f

SHA512
94413c03b06763a71d21f1d6c3d56ed842df9f5206063813a50bff70e06023d44fe887b10bab3a673751366f9b28804bb5fbd2b1b1e1193110036614504bd789

Download Submit
/data/data/app.EasyLogger/cache/volley/-1201570017-1616341492

Filesize
1KB

MD5
fa843c8fcf7bc4a04a81c32ee1ff5a8c

SHA1
1cbbc0eb567ef8678c163a8257f19af7e77a3077

SHA256
b043cacd3257066aac528df9ed7cf4dfbde6795f7fe0ddfd16edfb7bb9a28a2d

SHA512
9ab23ea118c1325155e783570dada5e5ea4e49e317ce51cb02d026e3f544c9a92335d744fa98455b5835bb308fe01affbb444a5d0c07d558d291fa2fbae495de

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db

Filesize
76KB

MD5
247a9a1ab8a9d50b768aea16f443ee52

SHA1
1b8ef45ad7df4db30e70051835585e526f7fe488

SHA256
6c414fa302b351eb7df14144c5c36a7ddd181615cb540f012ff67005837c9796

SHA512
6285e17579d1253b10f20e00f40aa8432e58a0e7b0b080c7ed52eafabae8f339f250897164409d1bc6512359557545998042fe41fca2e7b4ead85ab26918663f

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-journal

Filesize
512B

MD5
b701883fcc63cd5c68513da1c7e46b69

SHA1
f4ffea83592daafd9c6aa85fd46c5d0be31b00f3

SHA256
bcca5a0f095c271539ec9c41d0a8ca97317b40a19faca6bdda80312fbbaa9c25

SHA512
85b09fb83ed78b75e5aa2b18f32f69f59c32d3a93b9d7acacd6c329ebe434dd9fec68f3ff0f4101b2d9e086203d90312490d656ad2e6b7b77d0ad37392720a12

Download Submit
/data/data/app.EasyLogger/databases/EasyLoggerLog.db-wal

Filesize
140KB

MD5
b1605c7bce48cbe8b41054cf2deffd17

SHA1
3f2feb29f1ceccd5160f565e5f75a36e653963e0

SHA256
7ee51c4f6b7fbed18704a8c18a618df74e8cf92900c09e847ed2a648e3edaedb

SHA512
2bc9852e35f7c646bfbaa33f63f5343999d68c1d5ac974c1b1519f4dbf2a1e778392c4816eedcb9f5cf62cd7029c692f3f5bb3df05eb129881e1aa8807caa313

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
046b9f0e3f0991ad3cd11e8bc6a265fc

SHA1
424fa9c6e558cb96cfa829f0792c386bef740dec

SHA256
911d098820339aad78cb9f87f63b6fa6638c20475ed33726109c273dc3757468

SHA512
0fa3642596e94ed9e60f83cb4adeacc71f92d47e83e2ed0e45f95951e4c92134536d2ec572140e8f3861b684d09db41b02b19709db399bf94ca954c8239669ca

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/app.EasyLogger/databases/com.google.android.datatransport.events-wal

Filesize
52KB

MD5
f8ef220dd6d995ddc747155157f86dae

SHA1
d7513fe5bcecbb9a634e19ec414af6a83484335d

SHA256
9eb46d4ea046b4475be417153e8c4d6d921481419bcf30794ddd7dfdcabcab40

SHA512
b34ff7ac0f86fefa38a454a8854080ad9851d0a46d9da3a742617c83cf0e85491fa3f94794103a479bfdc3855f9404865941d182f3ab7154d9e27dfa6968f753

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-journal

Filesize
512B

MD5
1ba1feb8dff71de7a93f15a92395e776

SHA1
6a3d370d3c904e7ebd22fa158994c7766b90f6c3

SHA256
adffca28d4f8eac7531640e45a367168c0d9ae50ed2ab8bf8c876b8b3ed96cf4

SHA512
be770c53d7f36d9a4b0b3d92cc88c43f14f98fd9b92d35241cc9c1ac0dd9fb988a616df136c37b466b09094af18a99fd53c7891bd7f671249d2fb38d492d888e

Download Submit
/data/data/app.EasyLogger/databases/google_analytics_v4.db-wal

Filesize
68KB

MD5
5449b22d89d87cd1840efa37bc10e5e6

SHA1
6dd1520b2329c4381c9ab303da051d058c8f11e8

SHA256
8de393072e4ff922938fcb9c137f410520a325718c0feff9c42d45ff3ade6c8f

SHA512
5559809ca3effc7175ad7ce2cdf98d2ee534ff21fc1a238ad1930ef158153dfdb7f0d3718977291388903e9deb63521f0499796b158a2cee17b30a7fc97a5f0a

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7237409e0640cfab7bdbd429bf821a3b

SHA1
4c3da934842f8d4835dfe2a9c275a300e5123309

SHA256
5c8e1b63d187efafe1e09bfadd83fd360176d689b57b5a0cc40e6854c12449fa

SHA512
c8afaf6a8ee43ce3601feff417bfaec563c01bcff0aae24577054034112b2020967f25b0b1a919c3c9e5e81d62a21a87e908b782c4d5cb8bba8ac259108e9c1f

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
6714c9d371ef563f9a57d643d59d2587

SHA1
949a181268a20e66792b2e01e7c8a77b344e0548

SHA256
07dae682140207c6cf293b0fe26c367ccab4cf38e8ef62334ee03ba9f4ee33ad

SHA512
2c6856b1314b2bf90c3b58800946ae7256c6a4341f1f89c3a76f9531d9b1f41a293b008d5bbebb593c72a52dc024f9205a56c9135e5d588b9931672dd8c9e5a0

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d0907e2bd7f11121ad653d63c3ec481e

SHA1
ac2ed808e4260a84d83cd33f247f25edae5f8282

SHA256
310f4814a51bc5267608b2d384ca537298e888c28429559680fe16bb8df059ad

SHA512
fe3c07b1fda4ec1b38edb1e61f5d052e6d322ad538227848427b02942e672525ff9b11a46bbe64d964d08376abcbb8b54194a3661073a8c2292c1fec8d7dd6a7

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
d2d84136da228283e17abef332f0676e

SHA1
b7783bcf54c1e354c6965a69d9bed4300b380b04

SHA256
788ddb5443e66d4ae737a5546189dd38aa125cf4386aaced50d4d78b16754c8c

SHA512
4c8abafd8de3c4990bae1aafb1f1e45db91765a924f9e80ea0dc6a7397d5ee38a59ac62de96c14ecc6b6cf9502cddf2ed3de41c10bc32ffebd67e770f7b5bacd

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
7129558fd36edfcf208d40d1e6ebe77f

SHA1
357f0fa72c48cc1df3f397180b6540580e62e195

SHA256
32e25f2d683596e049f6307f6406a03e491db6d6f4dfb26fac03a7fc82e9af5b

SHA512
6c5707f518070a127c959830dfcfe0ce21e64e9a6a9fed0ab75d11821d026445afda425ee7ba160438653a196e2d822535368b0bb5be6a572b6e598c3b9f37b7

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db

Filesize
16KB

MD5
87cb9139596742358c3c3c255a7eb83d

SHA1
4c828cd7ecb820c49388be23f7044752b2a799a5

SHA256
3efa205c621cf97960f5c1b691931bf0b983ceeebbf1833b6fa0f9b1391a1593

SHA512
7edce5c507f0c3efad1c9fbc7da751a2b11de32fb23e52f21d18cea525e1172ffcdf71198884a0a5c88d84e3268d8125815fe88f78743d9a2b2fb4982a841b2a

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
2c7298eb92e73e83d426d9c0d4ff49b0

SHA1
53c3cc5f851ff63c36e6bfd2cf5ca135ef6f1097

SHA256
1ddc001c0ac8dbff55e4e7ca2017db5123bd9b2d199aced8cbd52980610a56ff

SHA512
d5c77554559f92ae0e6f3e6e1848594e684fb17627df19e1365ec226b72cfeeab1a4686e890cb8262322ececc353de717025e167c7d8d77fbebb042c4824d490

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
36KB

MD5
c52828ef14475366fb4655dd70972b3c

SHA1
1fc7906a71e5fd1a6eec5170c9287dec25a260c3

SHA256
4e3ec765d4146e94daf9c97042d676f40dde7ad50d781c8bb24417a1755f9904

SHA512
ca54f3e164cbb0b65c01017ecf875e511726ed548f1335fda2982dd1d8ac71621795d569c8ba0c9a55758bf465a37df1d83754c2a3d191e6ad1a21817e016179

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
3c542def4783ef28ea550f6c4926a574

SHA1
e26779381bce60c64bc23e920f70e900b2cb377c

SHA256
43d256153735989a62161e839efc1e6c39673e0b228b256e38e687b83c31afb6

SHA512
031f4628a788a502bf303c31bdb8bbf9de6724e9fe13796f7a31da6efa6c92e4a2d9e6552b73c15eb6a177559257ea7db50f94ee7330425fc491b82e6cb9f2d9

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
9773cd7841e51cc4f2a75ad17089f0d6

SHA1
97b15a9ef716dfd36d60adac8bc1281bd239e4ae

SHA256
eba33595c5831233dd22eb73d1fb716109a7305751f009d1ed99d0c7a7a93522

SHA512
5cba8d468e15d84e877818975e74d8721122a2a34cec0372ac9b41aa99b385b539c3f7b9afcdb4cc2f3124a3ea1850e4854da33de252dbb4274d758ac31ae049

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
34dbb161c38be39993917c74668ec7d0

SHA1
83f766d2ef4a555b0285d28d4f9ca4ecaa1ea4b3

SHA256
844bd3eb08e8d5b17096c1015779ae7bf19d3cb87a4d8ce1b62c6a96aab72954

SHA512
2309d4f4a4e61d622298f44cb0ee88e97be3bcac2fa35707d0c7a7c9d13003f46a83997f5ce91206cf6e09e494fbee65a0906b4212e3ba8f6200e8f86b576567

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
4036ad2df4e8e63c61a0b6806b704d04

SHA1
6caa9aaf241df076e84c522f5a64cdaf95438ef8

SHA256
0ab14f7df64a1f98ce4bd6b01b30cc84d7357c2c8f6cc9b5e369503ba71d4aa8

SHA512
03d4580dd5cae0763329174731af0639cc1b57a4d1492b39d8f3055a627f42b4cbfa11197cd30d89dccc5107752c090f8da91e5f2030ee86abf6d5e8fc1501ba

Download Submit
/data/data/app.EasyLogger/databases/google_app_measurement_local.db-wal

Filesize
4KB

MD5
171eb935a87bcdda2fb75d994427ab67

SHA1
1966faa52f1eef2664dda4cfcdbf69a0f515a735

SHA256
02118f0fb708813a7ddbab67439da0c0875394152c63da5b31128875dc391d65

SHA512
cd955fec4d2492d1ea8341ad7c3984c865d7498f867ba8105ab9728309d46ad6131ee116bff151c46953eebd53e8d557866a6137a6aa658b59cb9b7c42487341

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/com.crashlytics.settings.json

Filesize
710B

MD5
d8caa8395ab551902ea74a7e13ed686d

SHA1
341903078638fa936d0024b4b559119d99afed19

SHA256
e1ec5f8dbf9dd0466a3245251a42b2af189a8d96390eb543bc378179c524884d

SHA512
2cc2a8fc2cf8372fae03c71b5555806700548905fecd03708fe395644028b76771807ce67122b034e6ee0e6f94b1023c1ef79e0478d0af01411353a21635d024

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-664C0346019B000110B1DB6721302206.temp

Filesize
442B

MD5
e18c34297f30774f57a1becbb10b24f0

SHA1
23b815e0ebc6a21e74a41b94acdd424b4fc01109

SHA256
ff13764898c27bba7751918a348eab58ca7cad09dfebaf28d92fd30f7a9432dc

SHA512
cae5b00cadf85100f094036c100a14d8aec1913ccd6ee133bd84ea73e94f351b9bb7cc7361c3596101d3fa33b2fb25d6a4891ec066f76ef62be78fcd80070141

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/log-files/crashlytics-userlog-664C0346019B000110B1DB6721302206.temp.tmp

Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/app.EasyLogger/files/.com.google.firebase.crashlytics/report-persistence/sessions/664C0346019B000110B1DB6721302206/report

Filesize
732B

MD5
307153619d0c247d96e6c0972c32f545

SHA1
42b02127c5f8ee56fe3121391e97309e5a411d85

SHA256
30e0787857a694f9c548882e224b89912daf5c81819577d8624310e3d92a0af9

SHA512
b6ca30c82b40be07b643e7c916ba2116f1a91728f1aa6eff799ae95bfe446553f5082a14d737fd2c9062dc7be79d7672b91e03e90b50dd3d5e9a82b1cae42f21

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation1712891581507494775tmp

Filesize
564B

MD5
d26b1e7d463dc1e656a3d284fbeefd31

SHA1
f3376bc34df2bfda8ab68274c9c30f5f57849b03

SHA256
0362d43fa046e29bd4d56b26a3af543a2d9cc6d5aaa94fd5096ff3cffc6a6f93

SHA512
b3a9e58778e3b355b12f65b283873428d0f69e497d83ba0bc19f1726de6baf1149f7a18d991227d4cec365452a08af6e5c7f556cb5fa97ac4137fbf500752a05

Download Submit
/data/data/app.EasyLogger/files/PersistedInstallation2819978122937420731tmp

Filesize
90B

MD5
016c565c647023dae116744d5663f722

SHA1
175505708b958c5ff6080af92f9ae96a7a6e4b4b

SHA256
bec677a0065d0b17ad15ecc01cb1f959c0661a44c981417416f9619aa72fd4b6

SHA512
745c8d411c167a783eb0e4a7ded3532ccd0dcf6cbe1e7d14b4d62c114348df331c39758b156622e45741c206a181c514cf0b0b6043d11257aae3f68309e8df82

Download Submit
/data/data/app.EasyLogger/files/gaClientId

Filesize
36B

MD5
6906c3c0d9d00e990fa2cfa87b72ab22

SHA1
d0e8f951dd1ee901dd909902ed0f7e9a2f4340d4

SHA256
68f2eb6aede28dd1c7baebdb8aae7290e998e80737253364f927cc95457633e4

SHA512
7efff52aafc993e2564ca0fa90f348109e7a92c0bbc36a9c7eb752ebb9446cb5f52d99f32e8efb7566ce37c9c277c9f721c7c94015c75648e36a4bd212d994cd

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
a391855882256c9262f4ba88c163ff66

SHA1
3776d0d52715d731528e9d74560bd5cb234fbf1e

SHA256
fc1d8c7496a2f494be57be4ed642f931ae6d4dc7bdb46e50ca25f8863ea0292b

SHA512
1ee7fd0e6b688221207aaccded30154b524f593bbbb8139cb5dbe8213e1f3da03eb0792a77d3d347013e9745e1e0243cf2cd329f9162829afbbf7f5605dfdb05

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
563539a854291bec038e5408d5d82e88

SHA1
4b7a00e4f147f6ec4cdcc15474f67ed97af82e21

SHA256
a3da6299aa47a551d9334bae611fd34cc60249f11b6ce929345e3a794f41d0ca

SHA512
bac20f303f43ff1cb8a73a3b4791db562bda0bb92ac3c0aec87a4613ef3d442293a0e5dbb4727444fdbf172eada5e63089b52ca542ffa153467b42519b6fbe6b

Download Submit
/data/data/app.EasyLogger/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
b7385acc87aa532f2345c725edab78cb

SHA1
4d3737cd4e33a980bd099de88b210d6cbea33428

SHA256
96f56eccf4c31855c8272a58409aa84c056e9d31d5374939a6d169b0cdb69c0c

SHA512
1224f287d1be41990d0df687402372d31a828ef4c9f664574ae14bb658be1cc2d343da3748ddcea20ecf6bafb8de1c727499bf5f3fa803bd55d0e192557eee42

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads