General

  • Target

    Davinci-Resolve-Studio-18.zip

  • Size

    21.4MB

  • Sample

    230610-lthljsee94

  • MD5

    cd602a75fc458e217d332b40121fcf68

  • SHA1

    5bad1230eeecb308773b153a594b285f15fadb1f

  • SHA256

    f89beed6469729d774f3a6769e110beb976cb47b63c306e03d4d1f3b32916e03

  • SHA512

    5dd8ff9b8bb0a373b6dac1428475ab6eab8003fbd66764915bc4d1038e5d812bd13c0c7cdc72e2f285079e879319d1997968ca0309478c5731e47fb1531bca9e

  • SSDEEP

    393216:wlawV1LCi7FI5Ifsy41DulmiAJcFZoN6ks8I9jPxiYoNBjordRbKra:EVltFkIfshBulmiQkkst+Y0ErTbua

Malware Config

Targets

    • Target

      Davinci-Resolve-Studio-18/Installer.exe

    • Size

      9.4MB

    • MD5

      a6a2b700236d48e319e7919f807147e1

    • SHA1

      8e121c4cf015b0110eef348f677e01fdc7c97ac5

    • SHA256

      b7b643660aa01c676b6cfdbe260fc20194c3b3572716bd7ba50a28837d875486

    • SHA512

      109913d83989e9be2dce7bbfff812da3f88bfcb077dcad23e9ce4611fe2a402842a8be7123c0628743534836444c586c410f7441530310c50e9294bae2d0759a

    • SSDEEP

      98304:CyhdUcKwvFTWKhHlwLXJDntBksKY+ND3WyA4+TLVei10vMzPv8/4C8B5XVS49Xzz:CykIvNpHqVnJ45/9iD54+V11bFv4zG

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile stores, which hold saved credentials, cookies and autofill data.

    • Accesses cryptocurrency wallet files (possible credential harvesting)

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

      Rewriting a suspended thread's register state so its instruction pointer lands on injected code is a common step in process hollowing and other process-injection techniques.

    • Target

      Davinci-Resolve-Studio-18/d3dcompiler_47.dll

    • Size

      4.7MB

    • MD5

      cb9807f6cf55ad799e920b7e0f97df99

    • SHA1

      bb76012ded5acd103adad49436612d073d159b29

    • SHA256

      5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

    • SHA512

      f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

    • SSDEEP

      49152:IuhjwXkKcimPVqB4faGCMhGNYYpQVTxx6k/ftO4w6FXKpOD21pLeXvZCoFwI8cc:oy904wYbZCoOI85oyI

    Score
    3/10
    • Target

      Davinci-Resolve-Studio-18/ffmpeg.dll

    • Size

      2.7MB

    • MD5

      6e338076631b297dadf69efdafe37a08

    • SHA1

      d20dff20a4435ab6883cecb9637b812766c003b4

    • SHA256

      eaea62e60da963104c457ef6bffaa773adc2f4b4c7f4f5d5b8b3bf99aefbe0b7

    • SHA512

      a7b59421549a2e53d732ee7f1a16601303d4a63dc9383429e9d1e4aa30c947ed2c79d84754ce0fa8b26fc7a9543a6644683dad77e1a15a4cd9c88b811a947173

    • SSDEEP

      49152:98qdAmBRsEsA2lydpsV2+ulbCVCbBdRXLvPznKF76ayToQVNU52kJ8dj02bfUCfR:XdZB6ssV2vWCbB7K7ryToQVNU52kJ0Up

    Score
    1/10
    • Target

      Davinci-Resolve-Studio-18/libEGL.dll

    • Size

      460KB

    • MD5

      2a5a813c8a81ec14994518e90277121c

    • SHA1

      4fa9a2793de2be8ebfbfaa7b71ca59dd979122e6

    • SHA256

      a0e6fed9482708689af7f8dc35b96f43ce87cb47e2f869f9cac673eb1bcf6d8e

    • SHA512

      5bdf12b61e39c012aecda74f1b69244fc6950c63285cd575856d38459abe79fb260d27a3bd115f5730920f04ff08a6eb49fc8bc86b61327521149ca41ef2097e

    • SSDEEP

      6144:nKEcTs/jvtGCIvT/BIy/71C6h7i6DPgwlXwuxkC8wmxj8hLeC:nKEcTs/jvtGCIb/BI/CLPzxk7wmxj0

    Score
    1/10
    • Target

      Davinci-Resolve-Studio-18/libGLESv2.dll

    • Size

      6.8MB

    • MD5

      b940fc514e7363ffa2ebe6bd594924cd

    • SHA1

      b613f70179e35636fad9fc69f9d3c8560ec76c59

    • SHA256

      05cccea17cebe7f2c4b6cf25b6fe66ea50ad74e8d98a416e3e875f0a85903fb0

    • SHA512

      4a0419653bea2835677951ab889555c9c38ba65791990a64945cf16161992b69d565272b1789260ed3e05de2a21b8e49b5ee5c3534b35e8e665bbe4922e3a2a9

    • SSDEEP

      49152:d59vei/JY5TCnQZ3/nWhLl/07TlVMpDFR96PEtMHPZO926fbFbtf6sgylZy8Y2cH:GZ/WhR/o2Yr8rAjWedDBVm

    Score
    3/10
    • Target

      Davinci-Resolve-Studio-18/updater/app/main.js

    • Size

      1KB

    • MD5

      9835655c11fcdae075468ebc6e4e4bb7

    • SHA1

      99d8f9bf6c1bbf77c18a1e555c675c02d09fa1a5

    • SHA256

      abed0611d67db038b91952c10b45fcac6b780c13c2c2d88a7104d8390f25ebf7

    • SHA512

      e9487a927afc4d759c8d8d2b0a206dfcb5d69ae250ac5a4fe33cd4e66755529657e63b48d16e4dbc715bc71400953f78cf90fd01fab534f2fedf937bffe5df7b

    Score
    1/10
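
The hashes listed above are the actionable output of this report. As an added example (not part of the sandbox report, and not code from the sample or from the software it impersonates), the script below takes the MD5, SHA-1 and SHA-256 values from the General and Targets sections and sweeps a directory tree for any file matching one of them, hashing each file once for all three algorithms so that feeds carrying only MD5 still produce a hit. The scan root passed on the command line and the constructed file used in demo_on_constructed_tree() are assumptions; the indicator values themselves are copied verbatim from the report.

```python
"""Sweep a directory for files whose hashes match the indicators in the report.

Added example, not part of the sandbox report or the RedLine sample. The only
data it relies on are the MD5/SHA-1/SHA-256 values listed above; the scan root
and the constructed file in demo_on_constructed_tree() are assumptions.
"""
import hashlib
import os
import tempfile

# (label, MD5, SHA-1, SHA-256) copied from the report for each file in the archive.
REPORT_IOCS = [
    ("Davinci-Resolve-Studio-18.zip",
     "cd602a75fc458e217d332b40121fcf68",
     "5bad1230eeecb308773b153a594b285f15fadb1f",
     "f89beed6469729d774f3a6769e110beb976cb47b63c306e03d4d1f3b32916e03"),
    ("Installer.exe (RedLine payload)",
     "a6a2b700236d48e319e7919f807147e1",
     "8e121c4cf015b0110eef348f677e01fdc7c97ac5",
     "b7b643660aa01c676b6cfdbe260fc20194c3b3572716bd7ba50a28837d875486"),
    ("d3dcompiler_47.dll",
     "cb9807f6cf55ad799e920b7e0f97df99",
     "bb76012ded5acd103adad49436612d073d159b29",
     "5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a"),
    ("ffmpeg.dll",
     "6e338076631b297dadf69efdafe37a08",
     "d20dff20a4435ab6883cecb9637b812766c003b4",
     "eaea62e60da963104c457ef6bffaa773adc2f4b4c7f4f5d5b8b3bf99aefbe0b7"),
    ("libEGL.dll",
     "2a5a813c8a81ec14994518e90277121c",
     "4fa9a2793de2be8ebfbfaa7b71ca59dd979122e6",
     "a0e6fed9482708689af7f8dc35b96f43ce87cb47e2f869f9cac673eb1bcf6d8e"),
    ("libGLESv2.dll",
     "b940fc514e7363ffa2ebe6bd594924cd",
     "b613f70179e35636fad9fc69f9d3c8560ec76c59",
     "05cccea17cebe7f2c4b6cf25b6fe66ea50ad74e8d98a416e3e875f0a85903fb0"),
    ("updater/app/main.js",
     "9835655c11fcdae075468ebc6e4e4bb7",
     "99d8f9bf6c1bbf77c18a1e555c675c02d09fa1a5",
     "abed0611d67db038b91952c10b45fcac6b780c13c2c2d88a7104d8390f25ebf7"),
]


def build_lookup(iocs):
    """Map every digest (whichever algorithm) to the label of the file it belongs to."""
    lookup = {}
    for label, *digest_values in iocs:
        for d in digest_values:
            lookup[d.lower()] = label
    return lookup


def digests(path, chunk=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 in a single pass over the file."""
    hs = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hs.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hs.items()}


def scan_tree(root, lookup=None):
    """Return (path, label, [algorithms that matched]) for every hit under root.

    A match on any one algorithm counts; agreement on all three only raises
    confidence. Symlinks are skipped so a planted link cannot steer the
    sweep outside the tree it was pointed at."""
    lookup = build_lookup(REPORT_IOCS) if lookup is None else lookup
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                file_digests = digests(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            matched = [algo for algo, d in file_digests.items() if d in lookup]
            if matched:
                hits.append((path, lookup[file_digests[matched[0]]], matched))
    return hits


def demo_on_constructed_tree():
    """Offline run: a constructed file (assumption, not the real payload) is hashed
    into a private lookup so the scanner has something to find; the same file must
    produce no hit against the report's indicators."""
    data = b"constructed sample bytes, not the real Installer.exe"
    root = tempfile.mkdtemp()
    path = os.path.join(root, "Installer.exe")
    with open(path, "wb") as f:
        f.write(data)
    constructed = [("constructed-sample",
                    hashlib.md5(data).hexdigest(),
                    hashlib.sha1(data).hexdigest(),
                    hashlib.sha256(data).hexdigest())]
    return {
        "against_report": scan_tree(root),
        "against_constructed": scan_tree(root, build_lookup(constructed)),
    }


if __name__ == "__main__":
    import sys
    for path, label, algos in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: matches {label} on {','.join(algos)}")
```

Run it as `python sweep.py <directory>` against an extracted download folder or a user's Downloads directory. A match on the archive or on Installer.exe is the one to act on; the DLL and main.js entries are listed here because they identify this particular package, not because the report scores them as malicious.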

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                 Count  ID
  Credential Access   Credentials in Files      2      T1081
  Discovery           Query Registry            1      T1012
  Collection          Data from Local System    2      T1005

Tasks