83db3f3edb59cdd7e4f1ce5e1716bd8a7b5889655de59a616fb814ec4dc0db0f

Analysis

max time kernel
30s
max time network
43s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
19/11/2024, 16:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Balatro-v0-3-patched.apk
Size

60.4MB
MD5

4565a17ee2d90cd0084235d8850e71ad
SHA1

917a14cc8ad56ea8ffb5871f6b71518690225228
SHA256

83db3f3edb59cdd7e4f1ce5e1716bd8a7b5889655de59a616fb814ec4dc0db0f
SHA512

f01c2bed2bebd42bb10cac1b7609ff27ee48506337f9de7c143a837ec01fa4ee1d5a9b62a611dd8741a9d49e63a760cd12da16069903a143958bd0c20ba6c4ff
SSDEEP

1572864:z695crbQZbPrpyCIF9Sw2QrjIs8QsqiaVNPI+gxN:W9WrbQyFXosoRaTgVX

Score

7^/10

collection credential_access discovery evasion impact

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.playstack.balatro.android/files/PDALIFE.conf	4353	com.playstack.balatro.android

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

collection credential_access impact

Clipboard Data

T1414

Transmitted Data Manipulation

T1641.001

description	ioc	Process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.playstack.balatro.android

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.playstack.balatro.android

Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Framework API call	android.hardware.SensorManager.registerListener	com.playstack.balatro.android

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.playstack.balatro.android

com.playstack.balatro.android
1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about active data network
- Listens for changes in the sensor environment (might be used to detect emulation)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4353

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Clipboard Data

T1414

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.playstack.balatro.android/databases/com.google.android.datatransport.events

Filesize
56KB

MD5
d9577a2025b63b947a6b42e09254bbbc

SHA1
2923149fa49c70a37192d155e4f8a262f48b7a9c

SHA256
20e3e6655672c21a5f715511d3766a39420c748e768bc83b52182715caa5916c

SHA512
d7a385deaa2c31fd0edd2d54634e97799e76994796b7709a4f076d6be5042f9ac06cc97c2d3d241974025d41f60e99791cfe8419305476d81f6a26b97878f7ae

Download Submit
/data/data/com.playstack.balatro.android/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
e4a0c7fcf1fdadb0b47a32919f7fb2f1

SHA1
80b37bbc5fbb501ddf09c96ea1d1647eb24c84d8

SHA256
c29711add35f56992a5e11e0524815cebf4729ebb93fb19e0413e1b2db3a7050

SHA512
2fde9072ce03a90ca100e728ecac837f57458e6a5adf85b148509fad990e730a2c5d1b068cce7f2303b9fd2e1f6697b411714c64c77ebd2c796a88c7b2ee6096

Download Submit
/data/data/com.playstack.balatro.android/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
ac51c90d6cf0560a1a28f3986831c998

SHA1
6cea21df20dc79cdccb3f9f440965ffe9b44bc59

SHA256
e46bf464c2d43df8a8c842103d31949097a46e2c284f3a9139390c464c1240b6

SHA512
c8b45ef7609194e484a49764652bd9d2920e1fabc7523d076b0330a1e10522fc69968535ac0525eb26dcb9415ad43b11e43f9e2a32da4dbc272a721801efbf93

Download Submit
/data/data/com.playstack.balatro.android/databases/com.google.android.datatransport.events-journal

Filesize
8KB

MD5
2100bfc61cfb67fb4b02caf0a4e00f8d

SHA1
848123d5b2078f5a3bee9a890d2a35c767b1aa45

SHA256
1b1dd909fcf0b4d4e875febdc587607af070151810a3d6c3e6609699aa987f77

SHA512
41a70dfcdfd163041374be65ab0c3ce6762aa6aeef04c92daeaf06fe610251499be6141b8b6a6cbc46af561b66144defd0b4b74fd81ec3daf33c46c65f5f114a

Download Submit
/data/data/com.playstack.balatro.android/databases/singular-1.db

Filesize
20KB

MD5
fce28a0c40a6c7fcac017bb51d68110c

SHA1
c884bda7451748b309fa54f41083bfbfb6c2a1a7

SHA256
405404162c8c171f72269ea5054daff7cf2d3f203ff91f82a629a9becdf0a498

SHA512
7b87a5e5428e2d3bfa68ede452b103f3d57bdd0987fd2c5d6b96d0854eba3827a60389ee8943774e71379f0555a45d9d246f3a34d81ef595ae74893b50b77182

Download Submit
/data/data/com.playstack.balatro.android/databases/singular-1.db

Filesize
16KB

MD5
c00f4eaa498715fb2a912fc61c9b0b8e

SHA1
4f2e36091e676994c58791ed3f457a8b34cad666

SHA256
3e07a173a7b5a57ead7e9d3fec6e4365f81ed7d20d9ff2797fccc4f67841db11

SHA512
0fd7d30c795396e0d774bc212c07b99824c6f387eb1329d34d8c513d2e6ca681b795a588942e3927f66d5fe62c518c40e1958ba864a77b3bcbb234bbfd6c0fee

Download Submit
/data/data/com.playstack.balatro.android/databases/singular-1.db

Filesize
20KB

MD5
ece653dd26a0e7b786f342e7a2f84726

SHA1
b28420c595d7a938e4765a017d10724bc8483c52

SHA256
fbaba26e6c2b6eb495e173d0a656fb01705d89cedac946664cca41c0eb8f0237

SHA512
2b36abea0600298ab3a9b11a4de462876685f0dc99ecd30488c3bd2b1f0f0a6996f4c28916072dd9153b1ebbcb5948adf23747953fb5edcc7cf1a059f16fe7c5

Download Submit
/data/data/com.playstack.balatro.android/databases/singular-1.db

Filesize
16KB

MD5
8b4db5243080f9eccf20c82366f0bbcf

SHA1
9a43cc9d561b4f3c5612d8015270cc3c178c8a4d

SHA256
887e91026a9f3c36a112baa7c8714e11da4b6302a9530f4156626f5a8ab1ff2f

SHA512
abd4a34649207ce424c6356b4e8682a6aee4fd9d72c39218f905930f24406037b4f92f06c758c2cdd40f1d4134c964ddd74dff6f114924ac2837ed66135371c9

Download Submit
/data/data/com.playstack.balatro.android/databases/singular-1.db-journal

Filesize
512B

MD5
bc0ec86f9e387a4a2fbab98070b61250

SHA1
0fab3842a0bd52594fa4b6d7fb7a6c023d02f8d2

SHA256
97d3ef53de3107169adfe356a9a5b961cc8f4a9e27d1daa8155449b253008ad8

SHA512
8277b3069e456f9cd2c9a67f2f0348f4c1aa8dc84cfa100971ca0d29221757a2e7343c93da0f1d0cd42dab5ff2c1aea94f6df8e3f740064bec0c24a4ba0da363

Download Submit
/data/data/com.playstack.balatro.android/databases/singular-1.db-journal

Filesize
8KB

MD5
afcd56811686407406b816ee2cf24a39

SHA1
29aa534115aae6fe3c11bd9451f82eeb0edf047e

SHA256
d16174f8befd2b2812578d7cde36ac68ac5e346c4b16688629642ff8b3e1977d

SHA512
dee4596638c176de5bdf4bbf1287be30685649d5bc58a9933642f92640228daa46ea7d9f0987bdd6d89289f2ecdb171c83a310d0d3b20bc5d69cdd9957fd73b7

Download Submit
/data/data/com.playstack.balatro.android/databases/singular-1.db-journal

Filesize
8KB

MD5
ec57e8fe56714c07ebdc9fbb961210fe

SHA1
8c09f26473f814a8d6e9a28526758a46468949c8

SHA256
066768078ff943abf99faf38be1216e531842f1889cb3c2c6adcb3894e4e69b4

SHA512
59e7b673372cd902872919822c117efb62e59318cbb3da29463f35c0b2f4a86c1f1384e09f42dc7658ccc78e08b1f49b13b0ac7c70b0511ea1530f8e5189fee0

Download Submit
/data/data/com.playstack.balatro.android/databases/singular-1.db-journal

Filesize
12KB

MD5
119f33d0c3629062e54ff98b406e6773

SHA1
6050ee4eb5756922e656539ad17aead708c6e366

SHA256
838366051cf24005151d2be371ccd6b4d64ff36870e44a329df37ab45ee18b70

SHA512
ad2ff95af0183640938f8343e23238f46a724f5f4e4026da9cafc01c609f2825988bd3f0e89b754ac8f2f0f038979d6612afe3b444b51f4bbccdbe1b8cb59b2d

Download Submit
/data/data/com.playstack.balatro.android/databases/singular-1.db-journal

Filesize
8KB

MD5
282c648c20802b19b2ccc176d4bef0c6

SHA1
4f63a54dca5434646996e1c37b5e345457472efb

SHA256
facdb83a5480e9c999854ea5ee99ceeafb344dfdb8f6ef00b778aefb6108f7fb

SHA512
ab9074223d585aba6bb290cbe257ef756496a410f3295deef0877bdb8b7a967328dc20ef3aa0c194cc6f287b81ecfd2df0e600d79204476223c88400fdf5452a

Download Submit
/data/data/com.playstack.balatro.android/databases/singular-1.db-journal

Filesize
12KB

MD5
ecf57d58f09f1b36df1f07ac1161be27

SHA1
139375375c338eece51074343b4dc72cd405ed4b

SHA256
b7b3b38f96f682bc903c2833d2cb389279daad25ab4f9650860343fe8cadc1fe

SHA512
3fa735ea568fc08a8371178e62eb7cbc3792a0518ea2a2b349b0ce1d4071e631e7f69ea503571256909461ba5cab40f5a0a7c5abe2e5cdfd36dbd921499c7305

Download Submit
/data/data/com.playstack.balatro.android/databases/singular-batch-managerx-1.db

Filesize
20KB

MD5
630f95dc7a84aa37c0a37835131e0a07

SHA1
b4bd43b2056169fd5df8a8d4686974db880f6fd4

SHA256
bce1a33ab4786b4711efb9333e5fe8c9f8198bd191eb3f26040d7355ca062458

SHA512
646d913b9c8292bde71e530d63a079bfa2e1a16f8287bdb919cbbbb6005f7cda7aa20ecec83493f5143a8d0f95a00c7049af82b8a1f472f629d0f48cc032207c

Download Submit
/data/data/com.playstack.balatro.android/databases/singular-batch-managerx-1.db-journal

Filesize
8KB

MD5
26853ee92c22114bda6ee5346bdda82e

SHA1
411199d48976a379834c4c7f11996215dd6b8e2a

SHA256
6e6d71da5a418a78ae11e0027657b0d34bd77dd35191ccd04b287aaf794f32f4

SHA512
6f375edd32ac7266651913a9f04f452e6a5d14079131bdd75cc8838822526409de8d6fca5447f24fc3ddef3f5f51e4079a8f30db84af1c6c04b4c15646f623c4

Download Submit
/data/data/com.playstack.balatro.android/databases/singular-batch-managerx-1.db-journal

Filesize
8KB

MD5
c9c46b77cb70702edf19860dfdd3ca97

SHA1
fa253bca7f32f4e65f59678de3cbf4981ea325ec

SHA256
a186a02f195eee47dafd1fc1109c46f1447b690f0034fd83b1d4e9352eadd4db

SHA512
8fbf5690fc7090121eb7d695db3da53a2c5a18742d19b9dc4c29a2c2e51d9e316d0e143cc2b3cf3fef537d3bcd2c592390f92aa4995aa0569d9e43d4413c2190

Download Submit
/data/data/com.playstack.balatro.android/databases/singular-batch-managerx-1.db-journal

Filesize
512B

MD5
143fc891096d90f514ffea5f9c59c0f0

SHA1
cb110befecdfc43da7d42e9028d5d06dc67b93e0

SHA256
241b97867e0566342ab7ae3f6790c26fc3a49ddaae036a855803757632bfb7d8

SHA512
572e0424c55ac25716cfc9fe592b95b762b1d35207a30962ac14aebd53175ae64d138271549bb0ecc64eb25efc38e1c0c952d35cf1fced0cd2b2001288c1b007

Download Submit
/data/data/com.playstack.balatro.android/files/1-meta.jkr

Filesize
1021B

MD5
ea2df56c673131d0ef1fdd60cae38873

SHA1
ae9b9a6ca81af9bab25842513ac1e4b323b5d3c5

SHA256
fac78338b4f0e0c259076831cc480eb2a3cb44f580120496c826850c95758202

SHA512
f01942cf230adcb9b9750f00a68cab208e15a62da9843ce1d205be3228def96dba52142b5670afa288c81e89568034500f0974523f6d02784830b6eb8d1429f1

Download Submit
/data/data/com.playstack.balatro.android/files/1-profile.jkr

Filesize
539B

MD5
efe790fd6db163ebf9ff4f256a5b4b5b

SHA1
0e41f9a0f7bf007e402ccbdd7d1d92f57ebec813

SHA256
1f444cffdc9385b292542f31b977b1306d4a50b16f928486b1ba052750d24110

SHA512
9d5297b6e217f1478276fa3733bfba863bde5eab2aa21ed932121e296394718290756cf2d9a1303400416d47def34648e6708d5161e4644aa487ee2e75f65f40

Download Submit
/data/data/com.playstack.balatro.android/files/oat/x86_64/PDALIFE.vdex

Filesize
408B

MD5
1bc2e3ec44444cd1c677264daff224d2

SHA1
c8ec6890014ce1164999af350aa977e056326c9c

SHA256
a632f09f0e1c794d1a0925f3afd5c7b78bd3fab1a4e3c5bb3f693cb28cff81fe

SHA512
18733d7f69a44f70c30b3f30e449523e5b51bb442a21386a1ca9e44afc23904b495e63bf1dc62f6e4cc1f36078b08a2ac5140abfc846eb4f75527baa78a684a4

Download Submit
/data/user/0/com.playstack.balatro.android/files/PDALIFE.conf

Filesize
101KB

MD5
b23012fb828cc7dae1a986c85b4a5268

SHA1
f2c4e9c0df1d0bb678e3b720e7d2bac4bc1f50d0

SHA256
a240d2d7d7b76e122645e188209c00bb52b89d658f98fb0bc333b7c3c936e306

SHA512
6b3407df0c6298bec3711e37bd649d821c528406f2a61e23b7272c69957a42e80d0d5e3be4caf19369fe1ace88ba14cbe92f884e8042c81ef43d55169a67067d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads