fcba6631b46e0e12601c371b19d1d4a3c8209c8b70831e548f23ef89a648dc9b

Sharing

Copy URL

Twitter E-mail

General

Target

Balatro.v1.0.0L-Unleashed.rar
Size

56.8MB
Sample

240311-wzmgsscd84
MD5

cdde2c728de5d9684a7b927caebf626f
SHA1

0383dbeb5e6dc8c4feed08344e58b29cbf425d42
SHA256

fcba6631b46e0e12601c371b19d1d4a3c8209c8b70831e548f23ef89a648dc9b
SHA512

9cfdb093490c2e89f2ce258125929fb616675ea302532e9d397b9055253411c8c4331d5364afef0568de00a9fe94ba9fb59fcc8baf7649810b60d684d11b7596
SSDEEP

1572864:eWL6WAlY8QAygH2hHdUrRfIM00UCOwQeX87:lOWd8QAy5hGRfIMvLjhX4

Score

8^/10

Malware Config

Targets

- Target
  
  Balatro.v1.0.0L-Unleashed.rar
- Size
  
  56.8MB
- MD5
  
  cdde2c728de5d9684a7b927caebf626f
- SHA1
  
  0383dbeb5e6dc8c4feed08344e58b29cbf425d42
- SHA256
  
  fcba6631b46e0e12601c371b19d1d4a3c8209c8b70831e548f23ef89a648dc9b
- SHA512
  
  9cfdb093490c2e89f2ce258125929fb616675ea302532e9d397b9055253411c8c4331d5364afef0568de00a9fe94ba9fb59fcc8baf7649810b60d684d11b7596
- SSDEEP
  
  1572864:eWL6WAlY8QAygH2hHdUrRfIM00UCOwQeX87:lOWd8QAy5hGRfIMvLjhX4
Score

8^/10

discovery persistence
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  Balatro.v1.0.0L-Unleashed/Balatro.exe
- Size
  
  52.9MB
- MD5
  
  67879618a7171c53615b4d0a6754f8b9
- SHA1
  
  fd9a9429f3b5d4927bc950b4f8be24922fa7c191
- SHA256
  
  8da6d6246d118e8cfbdfb372bcddd1b236bae48fcd73a2f87d9cf9adef2c7656
- SHA512
  
  22dc6a35f428afe6e7609c91a91bc1df44f884b88f9e2b46e27762ea5e5c4ef636110da4dc022425ef40c341469f7fbb64a12afa991c79315fd723a959b6b922
- SSDEEP
  
  1572864:n8bQ22JtEJpUjKaMCy534n31u0uT2C2CB1lWE:8bQ22DqzaMJKuTOCB1lZ
Score

1^/10
behavioral3 behavioral4
- Target
  
  Balatro.v1.0.0L-Unleashed/MrPcGamer.com.url
- Size
  
  120B
- MD5
  
  c461dae867eed4072211cf709fa70a20
- SHA1
  
  2fa5ce6734f5edd0a213a5b1c9e4f75d3160f3c7
- SHA256
  
  2930c58a0b49ef48370f91801e37499f605aa396169e776f78fa7d8b9445f158
- SHA512
  
  501e0ddfdbe64331941e268a5362ef0a66f207f442f7341a5e5cc1a1a84581d7f3e610fa52ba06a3cca9c09fa061d01b9c4e3b17498e5228639c2c3dbca12cb8
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral5 behavioral6
- Target
  
  Balatro.v1.0.0L-Unleashed/OpenAL32.dll
- Size
  
  877KB
- MD5
  
  750a9cd07b5a6d50cac0502bb680c4a5
- SHA1
  
  419ca8aae5ae369a091fe61f3b090d2d0ac67ff8
- SHA256
  
  434e8eba07e81717162e08b8340b0e297aa169ea539196db6cc90903c0164109
- SHA512
  
  7b502a6b14273df3fe4b510164d5a7a61bb692d3fa064786cc6754aaeb7e319b071555451022705ac102bf73f5f3a613e6c6ce6baf110633edc09610ccbf318b
- SSDEEP
  
  24576:GGD08N2TZblt1a36c8/M3puBuAwgFpti336K:hN2tltU36c8/MQBuAvpti33B
Score

1^/10
behavioral7 behavioral8
- Target
  
  Balatro.v1.0.0L-Unleashed/README !!!.txt
- Size
  
  120B
- MD5
  
  840c2a2a85b8d0ef9ccf583aa9b453f5
- SHA1
  
  09557bb571d8c7b194c062d2f766ee605a64c631
- SHA256
  
  5a8d0aee7fe55b066c45bc2e04d2ae4702cf78e7e6836319fdc9d596e0f33eb8
- SHA512
  
  db0e7d9846dc64ba6dc4472c6db19c57e6cc68ae21f58dea3ed2eaafad249dcf59358e5081b8bb17c4498d72c19bd53cfdd3be612ca129a2b674451ed88d8749
Score

1^/10
behavioral10 behavioral9
- Target
  
  Balatro.v1.0.0L-Unleashed/SDL2.dll
- Size
  
  1.6MB
- MD5
  
  50187e47bfde8327814096ec6e8d3913
- SHA1
  
  cd2803a1ab46826fda2d9a22c5ce899cd07ae39c
- SHA256
  
  83f63cda993537e85165f396dca9668ce49baaef17d3532b24ef87fbffcc8a97
- SHA512
  
  e82554d69c6d3766ae062f37a8dd242c5568a6bbf5d90586144c9929fe18ebedd50711dcf2d38933079671d2b4f90557901a0c2edd8ac4d5b914faecf4d5b45b
- SSDEEP
  
  24576:oh35Tu2hRQiB4b37eMcD0+UXMHa9HrwPyYlR4lHoYaY:oR02/Qic7eMz84wnlG
Score

1^/10
behavioral11 behavioral12
- Target
  
  Balatro.v1.0.0L-Unleashed/https.dll
- Size
  
  63KB
- MD5
  
  d86732797537f128799f4753ccd39436
- SHA1
  
  b3b0e5e7eabc0ac9289a305be70ccc1351a39bd8
- SHA256
  
  8a704c903575c2dbbc109869d179e8213d2574885f3f429173869dd75620b39c
- SHA512
  
  0d76d319f6fac139185af7c9d843b3376bc7ad217c4aea41c8f8192a34d536cf8aced600bd7fecc764235bda176e51e8d031cb953def1135600e5c78cc281bac
- SSDEEP
  
  768:cWfyHGDlnwyEv91+AS2qQYpadRTXMX7RUPpKWsohqlGjtG9A0jVGUUXHwUo0J:cWfyHEmvA2SpCBMX7RUgpiGSHwUom
Score

1^/10
behavioral13 behavioral14
- Target
  
  Balatro.v1.0.0L-Unleashed/license.txt
- Size
  
  72KB
- MD5
  
  02cb6faf045e43e91ec308b066bee16c
- SHA1
  
  eab9ed94ce78b5b2f7a9e885900e0edd358fc48c
- SHA256
  
  4ebd1f337cc55f17f520004d6943f8d5d07f9647d329950b66bbd17cf0d6341c
- SHA512
  
  aad525db24fce27333a6f9a3391b2cf543e258cb600db03513598b61de8b0eccc368a6240fe37489ea7fe7d35894929e586f01b37b04fee2840701abd33ceba1
- SSDEEP
  
  1536:zfTbZ/Xp+28CRZwBhxzNvi3yYjV7oKxnraxaAelTPsCVItcxhe:bZ/Xp+288wXxZaCYjV7JrSZedPsJihe
Score

1^/10
behavioral15 behavioral16
- Target
  
  Balatro.v1.0.0L-Unleashed/love.dll
- Size
  
  4.6MB
- MD5
  
  67a825a14ee72b670011722984852011
- SHA1
  
  0ff63efbdf8f47c0d5272f90654b1526adebb575
- SHA256
  
  18025808e7a184715d75bf49f4bfe24ffd5c2acc2702836e6ef3935b60f06b30
- SHA512
  
  789781baadd5346994a4cb1f8ff5aaa14cd7a9b8ea406b1197e14337d39e60d8e7dd2dc5763d3109b13b8a904064461a8323c38622ddaf974aa1b5337e69453e
- SSDEEP
  
  49152:4fKHp/lYNwY8EKjTcDL1FEXNRK/sQch2vjqoHXLZngdAJd26EaA+2P2COvz03QAh:ZcDQzwrqgr8VyNNVasfi/M2
Score

1^/10
behavioral17 behavioral18
- Target
  
  Balatro.v1.0.0L-Unleashed/lua51.dll
- Size
  
  554KB
- MD5
  
  e0e12c148ec7439f7f2d7b927e123942
- SHA1
  
  f0b88c9985195558e12bc00f8a31422861e73908
- SHA256
  
  29e5b0b67593ebb77e0f681ca0c2dbcba9efcecee7d71591f5c91be5760c963e
- SHA512
  
  35ca3de41a3eee6f99766682459e7808d17b37d92decae6cc4f960bb5219eceb6165ee21db8b038f5669f6852854e6c2c0a6e4104787031a2da52bd3f813cff2
- SSDEEP
  
  6144:QBqp9OvdK+PSbgI1qBK5tl1TUdxaE17SA7knaXMwEd3oBi60b0Nf0H8qdP1/Z:Kq+vd0hn1TSxaE17SA7YiEuBJI
Score

1^/10
behavioral19 behavioral20
- Target
  
  Balatro.v1.0.0L-Unleashed/luasteam.dll
- Size
  
  189KB
- MD5
  
  3a9684714ccd9f25a9a6d94de9972f8b
- SHA1
  
  694380cc1b4fe03d6d7def8384b9ec6c62ae2949
- SHA256
  
  737d63541c206e5f88298022c48c7205b0fc72a07cf051a354a6fae2bcd88f49
- SHA512
  
  d227eec2d8bfca1afef5bc89a5b6a1ee81edc731793fa4bf91edfd824f3b3bc969bf663b18de97aa0ee2d3b999ae40e2a81a1d9a828f0324c5a0880fc5a037a2
- SSDEEP
  
  3072:WXEgpcnvT+hGh9D9z3rQ4Glx4XHz/Y0kyDp1VhfYfPkuZMgRs:8OsGh9DhEHlqD+E1wkCJi
Score

7^/10
- Loads dropped DLL
behavioral21 behavioral22
- Target
  
  Balatro.v1.0.0L-Unleashed/mpg123.dll
- Size
  
  212KB
- MD5
  
  1063bdbb4cff2f688e77df90b1873b01
- SHA1
  
  917beda2a65f64a089fbcff75620319df0893924
- SHA256
  
  a58a87086194c25e6f13318cb4b4eb63030e936a835f9740a773d9a421264cf5
- SHA512
  
  d2f1683d8682c7153e92164570dad11d404544487a6af178098dd71c9f25424662f926feba24929862ba8cd17f5f7f6b49614bdeb83aa9f90ccaf374efd42faa
- SSDEEP
  
  3072:VTpbCxfWMQjwP/3PsBrfSImZZ2h2sbj3R7pk1O0b1IRYd7hj9eqWxzQ962ij:VTpfGImZZ2h2sbj3R7eTI8d9MxE91i
Score

1^/10
behavioral23 behavioral24
- Target
  
  Balatro.v1.0.0L-Unleashed/msvcp120.dll
- Size
  
  644KB
- MD5
  
  46060c35f697281bc5e7337aee3722b1
- SHA1
  
  d0164c041707f297a73abb9ea854111953e99cf1
- SHA256
  
  2abf0aab5a3c5ae9424b64e9d19d9d6d4aebc67814d7e92e4927b9798fef2848
- SHA512
  
  2cf2ed4d45c79a6e6cebfa3d332710a97f5cf0251dc194eec8c54ea0cb85762fd19822610021ccd6a6904e80afae1590a83af1fa45152f28ca56d862a3473f0a
- SSDEEP
  
  12288:N2fus43uu43Ry4GHlT4xH2K+M+/i+WSpY+7YOzCaK9A3gS2EKZm+GWodEEwnyh:muJzCaK9AB2EKZm+GWodEEwnyh
Score

1^/10
behavioral25 behavioral26
- Target
  
  Balatro.v1.0.0L-Unleashed/msvcr120.dll
- Size
  
  940KB
- MD5
  
  9c861c079dd81762b6c54e37597b7712
- SHA1
  
  62cb65a1d79e2c5ada0c7bfc04c18693567c90d0
- SHA256
  
  ad32240bb1de55c3f5fcac8789f583a17057f9d14914c538c2a7a5ad346b341c
- SHA512
  
  3aa770d6fba8590fdcf5d263cb2b3d2fae859e29d31ad482fbfbd700bcd602a013ac2568475999ef9fb06ae666d203d97f42181ec7344cba023a8534fb13acb7
- SSDEEP
  
  24576:FkZ+EUPoH5KTcAxt/qvRQdxQxO61kCS9mmWymzVPD:FkMAlM8ixQI5C6wl
Score

1^/10
behavioral27 behavioral28
- Target
  
  Balatro.v1.0.0L-Unleashed/readme.txt
- Size
  
  4KB
- MD5
  
  05cb183078280382adf73bfc14ad9c02
- SHA1
  
  a3b8f8c84bc7a12514f5521958bc5e43b9abf4cd
- SHA256
  
  9cf6172876b85771d0dd6463bd92786b77bd40510d817eceaf5ff459611ce225
- SHA512
  
  332ce80a0c78bb2123af189be75c1d6b984a5ee7ce5c5f0c9503ccd17e2d61c9b8870d3ca34277460c6a1f3502dd564cf832a9d0b95ac8d384bdb89a6c838add
- SSDEEP
  
  96:Ltg9ZT4kpgOq7veiE9aHoemrjDtAG1GpGT2QGTHG85/GTHG8QJOuf1:LSZUzvMaIekjDtAwgy2QyHT/yH6JD1
Score

1^/10
behavioral29 behavioral30
- Target
  
  Balatro.v1.0.0L-Unleashed/steam_64.dll
- Size
  
  1.6MB
- MD5
  
  4261667c2cac5f3eb057b161a6314f34
- SHA1
  
  fe799892da89be2d0711bb9d63fe3d5c7fde335f
- SHA256
  
  94c3750a4cae3af4238af55baf20c3a20fc9b9558dcc40faef869fde747b503e
- SHA512
  
  f7a0cd2b77b201e6d8ffa9415acffc73c300e2ab504373409d30e95f017087b3473a99d5df53872c0419199a637259b4f1520472dc5c695a6bd93210c9af2257
- SSDEEP
  
  49152:TgkG+zXFU4++SBsLTlfc3E1vLrPsZ+Wbwp24BxwxokB4+YRXyRZKeZ14qNvnfC:Pp++SBsLTlfc3E1vLrPsZ+Wbwp24Bxlq
Score

7^/10
- Loads dropped DLL
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Drops file in System32 directory

Checks whether UAC is enabled

Legitimate hosting services abused for malware hosting/C2

Loads dropped DLL

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32