cc36161b6d8ea29528bed7d5883ad260cfc8d8e32825938c52e93c1a495c355b | Triage

Sharing

General

Target

picasa39-setup.exe
Size

13.0MB
Sample

241125-ne62pszrcp
MD5

3df3d3c125d3bb1a5bd55e88f9e48920
SHA1

72f3e2f18e83d60ec657f03c341a3c1df701c2a9
SHA256

cc36161b6d8ea29528bed7d5883ad260cfc8d8e32825938c52e93c1a495c355b
SHA512

a171cb62b35f63749f25196f5f94805f44b1795ba9d0c4e9a26f2511afff82f500f76b913b96f83e777e0a4089a4dcd5d804b1fcd5a655dc094b741198b25bcb
SSDEEP

393216:1pOtxS2JzVMrK5r8KmON15WytJQmA79/uFJOV:1pgxSezmdq1ztJQl

Score

7^/10

discovery evasion execution macos

Malware Config

Targets

- Target
  
  picasa39-setup.exe
- Size
  
  13.0MB
- MD5
  
  3df3d3c125d3bb1a5bd55e88f9e48920
- SHA1
  
  72f3e2f18e83d60ec657f03c341a3c1df701c2a9
- SHA256
  
  cc36161b6d8ea29528bed7d5883ad260cfc8d8e32825938c52e93c1a495c355b
- SHA512
  
  a171cb62b35f63749f25196f5f94805f44b1795ba9d0c4e9a26f2511afff82f500f76b913b96f83e777e0a4089a4dcd5d804b1fcd5a655dc094b741198b25bcb
- SSDEEP
  
  393216:1pOtxS2JzVMrK5r8KmON15WytJQmA79/uFJOV:1pgxSezmdq1ztJQl
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/NSIS_Picasa_Unicode.dll
- Size
  
  116KB
- MD5
  
  ba1fab5556089b2f83b816dde35c6132
- SHA1
  
  5318b0c62b993377de2e0295f1e2b7a1675c595e
- SHA256
  
  9e95b4566ea243c0a6743b5b0626fcf18ec98e38415b62f94f6cbf38276d7fc4
- SHA512
  
  4c04e5ce6cb339ad22a77889c11775a263ef13322f37bc9c982ff208852b091809a0c63a7c9515949f81f3ab253a417f93adc6d2eeed9a801f2254fbb5236a50
- SSDEEP
  
  1536:dOtqwO74MR/Ynna5Rig8fsrjPxSh7Y4MzpI3i0ALxAgfIVFBkIw9PntNHP6oHj:dOtq97b5oNqzv0WAZVFmIw9vtNv6C
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  22KB
- MD5
  
  56902114955a13ec66bd3a43eaeb46ed
- SHA1
  
  0d0bf7e94dad5b04b6da52ed5e4425b17355e10d
- SHA256
  
  5b7070e98320f38cd913893c813e59863ec833ec598208f5d33217a120e3e043
- SHA512
  
  028c79ff7b4c3b9e731904108dfdfe359bab1c29b53feea758714c7d8e86a1c93193cf80b3e41d691e6a4da08c2de18851a6ff53ac4e612c1000b1930780251c
- SSDEEP
  
  384:/ZXKPdeCX+qEHZT7QtPbCqET5E1lMFCUjaAWhTGBgFJKsddmAkBUG:/ZXsdeCXCHdctPbCqpgyVFJ4
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  3e6bf00b3ac976122f982ae2aadb1c51
- SHA1
  
  caab188f7fdc84d3fdcb2922edeeb5ed576bd31d
- SHA256
  
  4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe
- SHA512
  
  1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706
- SSDEEP
  
  192:eP24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlbSl:T8QIl975eXqlWBrz7YLOlb
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  dbdbf4017ff91c9de328697b5fd2e10a
- SHA1
  
  b597a5e9a8a0b252770933feed51169b5060a09f
- SHA256
  
  be60a00f32924ccbe03f9914e33b8e1ad8c8a1ca442263a69896efba74925b36
- SHA512
  
  3befc15aab0a5dbe7fde96155b0499d385f2799b1a2d47ce04f37b5804006b1c6c4fff93d3cedb56a2a8172b23752b6f9dc6168cfce3596b91def3247836cf10
- SSDEEP
  
  96:33YnIxFkDUGZpKSmktse3GpmD8pevbE9cxSgB5PKtAtYE9v5E9KntrmfVEB3YdkS:33YIvGZDdtP8pevbg0PuAYK56NyoIFI
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $SYSDIR/GPhotos.scr
- Size
  
  4.4MB
- MD5
  
  404c6c3c3a59784456da52660f86c52b
- SHA1
  
  b3917505f1374e002e480b0f9684945c57b73a98
- SHA256
  
  7479d71a52d7a638fe6cd6d0e494b8a6cacd8a5cb04a3ebe8d95dd30023901dc
- SHA512
  
  9b997a67b91b16d365c94f102e4d12fb313593cf4c444fbaa7f2d2d1e882659b03b8199de6eff9ea65c2a3fa9d646bb2ecec4c952e99da6f96fcef3af11ca256
- SSDEEP
  
  98304:zZm/RKAjTcGEPdnHbLXt/34smaZmaRME9i5:zZmJEL9PJmaZma
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  MovieThumb.exe
- Size
  
  698KB
- MD5
  
  3436235e704354aa6374bf689e7078aa
- SHA1
  
  d822ee85d9c9ebb7ea041f6c5c9d7280857c2610
- SHA256
  
  86ec3a8b305bfd4a63dc1ca9bd8319ec508a63966954e6fdcc4152e9d399b829
- SHA512
  
  7058511cf68f7d6964d1c6f26e9a7a6493ecc9d639a91c31993301e727e19aee02eb8fb3272c23c481471fb56042739c3bf7b5ed18002ae2074217e20d2a21df
- SSDEEP
  
  6144:v7VRQ6qrhkVdsv1Qf4F5uIJ3ZtJr+lKWK7sAx9lyPiAf4Xw5tyFtV25qNMDp7sfG:1sOQdZtJ6lfBPiCnXyFt1NpElDL
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Picasa3.exe
- Size
  
  9.7MB
- MD5
  
  6ad50a491f52b1cbece23b603037fbdf
- SHA1
  
  4acfb5f57a464610483a7d652cc5f4d1c5f427cc
- SHA256
  
  b4684fb49917bd97741802848a8b7eac189a178df56b7fcf5d0b078d892502a4
- SHA512
  
  ccaa8a1300ada8c777d32ab51b6c1687b120cfa638ff0c20f1bed78d63fa1020afc69717e8dee7414cc139a7cb5f6871c96568bf85190ee74289f1d1f363fea0
- SSDEEP
  
  98304:HaqI8i+KtvpruYTi8cg7V0E+wAXbKkCmryKBOCdERqRLts1moR/TZDSYOPMeaC9R:HQ8i+CvRHAgBVkvmKBtdO0sELn
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Picasa3i18n.dll
- Size
  
  25.7MB
- MD5
  
  a7b28efe1c5d15f3a3f99756aadcea0e
- SHA1
  
  d60c036e436d570ef62a71157a37173deb036b26
- SHA256
  
  05b40c68ba874537a76a3c03ce094884e288a2c7055fb99329bad3bc2104cf04
- SHA512
  
  7bd42ac92b2f5c67c9c24f5adcc136d342f92c48ddc07dff31f44827c57bdf621deabf890fee0dd19dadd7eeee7c9e16cfad630da538a24b1ef7849498f57972
- SSDEEP
  
  786432:C6MeKCjUAb1Olphfd7hbvTTyQ6MneaivIsXHPTqO2D8CYjzyGJDYBCZW0C+8k7sz:y
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  PicasaPhotoViewer.exe
- Size
  
  4.6MB
- MD5
  
  69b20702debc005cd1da0906b4a3c4f5
- SHA1
  
  3194ec345ed795b0e86d46ee88bfb8781c681c82
- SHA256
  
  4bd5f244c5ee6adab8d3f20654eb4d3b418cd214a8abdf8fd4392310927c1413
- SHA512
  
  0696b0ebf05ca8d3a6e2bd1fefeaca8d507d54d2398a05bf13fda2cf516206258d0d4973625a21088eb27fc332b4ec3f44e363fd63b4cb3ecf1ea4b093c039b7
- SSDEEP
  
  98304:u0dPlpKnp1hil+Pd/GNUvx7sHw6dSXXahK9aZQ+3QuNR6RbXx7vI9PR:umpWp1hVvetdSXXahKMZQ+3QuNR6h9K5
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  cdautorun/Download Picasa.url
- Size
  
  52B
- MD5
  
  cb16622bb664586dda57f073fef23116
- SHA1
  
  b2f464db05f7163aaa5503c14ef488a4a7613875
- SHA256
  
  806974d5a03a6c57dbe4694219f4b0c0540574d2a4cef3eb5ef11d1a78aa6782
- SHA512
  
  6270a2d76d0038fbde1a5aa746efa1b049039099a9df4f19b35d76e1c2ef9250cc7c300604816502c447f1532c550b9cf63fdb8f0bb7a78e1dc8ade37d6e237d
Score

1^/10
behavioral21 behavioral22
- Target
  
  cdautorun/Picasa CD Slideshow.app/Contents/Frameworks/GoogleBreakpad.framework/Versions/A/Resources/Inspector
- Size
  
  120KB
- MD5
  
  ce34cf0e6dba7e4e003e20bd076e4f21
- SHA1
  
  60df0d3f38d36c83c13ec1d89ec142373a96538e
- SHA256
  
  b046837030fe7cf858b856f2ad53c1fd8c5e65b362ffd43954a498434153e989
- SHA512
  
  a669c9b5ab788371b35bd08c5a9ea344181fff4aea501d7c248c5668182f579ad523c0035a72a04d8fcbb14b0cdbd0c09e4f85f18fd9e27e36ea783a675d4060
- SSDEEP
  
  1536:z5BbaTOV0iKSd2JNGfYWB7P6mzh5CWzpf/cjOVYXzLDSPD0vvpN:z5BbyOV0iKSMNU9CycIYXnD4DmBN
Score

4^/10

evasion
behavioral23
- Target
  
  cdautorun/Picasa CD Slideshow.app/Contents/Frameworks/GoogleBreakpad.framework/Versions/A/Resources/Reporter.app/Contents/MacOS/Reporter
- Size
  
  89KB
- MD5
  
  df5a8247b6a561ecd330bcdc0644a674
- SHA1
  
  ea83636bc0af94f179dd9884650131529aa3e69f
- SHA256
  
  20ca80f33ec6adb69ad3f2fa721dfab4e848c3baf6ada434c040228bc2f46a6c
- SHA512
  
  0503e22366ec17ff522ccb83649873e8a162aea720baa3615784c162fbc617e81d3833b35c93685eed27a750bc60bf13b1778681d076d61dfb24413ad3b5c019
- SSDEEP
  
  768:f3AM5SGsUB0M+DWn7d8qze8FNJrEWniUfIkhLQPbocdHB6jbZIb4N09:fBqW7qpG/nzhLQP1vJb4W9
Score

1^/10
behavioral24
- Target
  
  cdautorun/Picasa CD Slideshow.app/Contents/MacOS/Picasa CD Slideshow
- Size
  
  1.8MB
- MD5
  
  ff9f157a8cf48e7e5e287c7a6b7757c1
- SHA1
  
  244404b50a4b14ec4e7c6d93924db62de0e63198
- SHA256
  
  af33060f5ffc26fdaf643df1a4cb53a53756194ce551db37e9b33b5c2c68a709
- SHA512
  
  56ab69ac160bb06cdc9d9ecc459b06c8ec853db3c7898b961d0dd58ae598ded5b83519371bb8a918145a5bb6dd0262476e307b25f68d490e3c576cdd2591a4e0
- SSDEEP
  
  49152:u3TxLATxLTBzpgHppICpf7Ne+X0jA7zBaXwvbTTCnfR:uyBzpgHppICpfxe+kjrXwvOfR
Score

1^/10
behavioral25
- Target
  
  cdautorun/Picasa Restore.app/Contents/Frameworks/GoogleBreakpad.framework/Versions/A/Resources/Inspector
- Size
  
  120KB
- MD5
  
  ce34cf0e6dba7e4e003e20bd076e4f21
- SHA1
  
  60df0d3f38d36c83c13ec1d89ec142373a96538e
- SHA256
  
  b046837030fe7cf858b856f2ad53c1fd8c5e65b362ffd43954a498434153e989
- SHA512
  
  a669c9b5ab788371b35bd08c5a9ea344181fff4aea501d7c248c5668182f579ad523c0035a72a04d8fcbb14b0cdbd0c09e4f85f18fd9e27e36ea783a675d4060
- SSDEEP
  
  1536:z5BbaTOV0iKSd2JNGfYWB7P6mzh5CWzpf/cjOVYXzLDSPD0vvpN:z5BbyOV0iKSMNU9CycIYXnD4DmBN
Score

4^/10

evasion
behavioral26
- Target
  
  cdautorun/Picasa Restore.app/Contents/Frameworks/GoogleBreakpad.framework/Versions/A/Resources/Reporter.app/Contents/MacOS/Reporter
- Size
  
  89KB
- MD5
  
  df5a8247b6a561ecd330bcdc0644a674
- SHA1
  
  ea83636bc0af94f179dd9884650131529aa3e69f
- SHA256
  
  20ca80f33ec6adb69ad3f2fa721dfab4e848c3baf6ada434c040228bc2f46a6c
- SHA512
  
  0503e22366ec17ff522ccb83649873e8a162aea720baa3615784c162fbc617e81d3833b35c93685eed27a750bc60bf13b1778681d076d61dfb24413ad3b5c019
- SSDEEP
  
  768:f3AM5SGsUB0M+DWn7d8qze8FNJrEWniUfIkhLQPbocdHB6jbZIb4N09:fBqW7qpG/nzhLQP1vJb4W9
Score

4^/10

evasion
behavioral27
- Target
  
  cdautorun/Picasa Restore.app/Contents/MacOS/Picasa Restore
- Size
  
  292KB
- MD5
  
  8ea8e704430f905efc4404bf0bd80355
- SHA1
  
  d0aa91582a1d5719d03651a461b9ab80424003cf
- SHA256
  
  ef51fc456ac12fdd4a20be93338de48462f19b298b959789b42424a1c1a79055
- SHA512
  
  22cffbea8cd21089e949bf4c1f688dc224d6bcb292b9e95eec4db3283aa1744ab2d128e65143783d1ba45e2ff61bdcdbccafdb9a642b6b7b1a2028ab4c5484bc
- SSDEEP
  
  6144:2HW8nucbsNtOWc+12xFenLnlGt5V2HkB6pR:EWcEAFunUSpR
Score

1^/10
behavioral28
- Target
  
  cdautorun/Picasa Restore.app/Contents/Resources/sv.lproj/PRMainMenu.nib/keyedobjects.nib
- Size
  
  23KB
- MD5
  
  aa7078d28e88d711fa2913b3a7037511
- SHA1
  
  9236f3ae0a438cd8d483319ea13478dd4c575212
- SHA256
  
  d3dd67af69cb930cffb7026afd2ad7f3ae698280e65a0ffbd18c2d87cdb777bd
- SHA512
  
  303d061d6a98fc7ac6539e5e1f8068eb05603afc06608f181038c5a3e5528ba8344f8cb5d56f8c9e6eabd73beb5243f4c14a1d2afa37b413ada375caaed510dd
- SSDEEP
  
  384:rCioV8vV+6SwN2TirM1Esh08sXUrzMFfsTOcyhs4XpR7WuasT/dOdRqrsQzRnceK:rCioV89+PwUTZ23ht+DshIINzRPtq24t
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  cdautorun/PicasaCD.exe
- Size
  
  1.8MB
- MD5
  
  1905daa36ac5d7b30ed79a232766e510
- SHA1
  
  60e0495a78513cda4959289ae3cdfb19c0e782f6
- SHA256
  
  b96bf61562a551184301e26ae475d63421dc8f22c6ca574f12942439efd59023
- SHA512
  
  379f5a389a7c5783ca9e08a46a08e4c526ab41104adf5e1ba61e50feb66a49dd8ba502952805e779382d5c7ab278971dbf9fbcf871497a6b48a0a256ea07d1bf
- SSDEEP
  
  24576:slq+TZtG00f3GQgYHhDZRkPKIHJ4uyFte6diOcOyTBlfrD:MNTZ0VDVRkP3pediOcjTvfrD
Score

3^/10

discovery
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Resource Forking

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32