General
-
Target
w.7z
-
Size
295KB
-
Sample
240324-rsagfadb97
-
MD5
0c706908df97857255252837ac1b90c9
-
SHA1
699ac4610e3a10f132681240459371ac574490ca
-
SHA256
7699371e3f6c0b7dc0e333109ffc195e532dbdbb2d9f3c64271376165d717d76
-
SHA512
0ff1209e162d3ab957f59386252893a104d0da21fb36c7c5b5704d83c9cc78e9b200c45ae841b9b9de15f9efd7834c9edd76bddede2f80fc0bb28d1ce65c0d9e
-
SSDEEP
6144:7zIqbCi32D9ebxtBdbRbzfu8SpTJSLzSBh+35CToepB2qycqJQbGTqh:7zIqeD9ebxtBdV28YTv+JMozqGi6qh
Static task
static1
Behavioral task
behavioral1
Sample
w.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
w.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
C:\PerfLogs\akira_readme.txt
akira
https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion
https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion
Targets
-
-
Target
w.exe
-
Size
1005KB
-
MD5
3d18a75d8baa6693b471d0fa85a62c39
-
SHA1
2347cba8679297a3547aa0e250f48690cb18cbc5
-
SHA256
a2df5477cf924bd41241a3326060cc2f913aff2379858b148ddec455e4da67bc
-
SHA512
c925c46ea95ff2b1cf94a5bc5b8c16d1bd0ad5663e7b565a5fefe5d0cac910d132e027a008df5f79a7f261b528c73df1a29b9272abc74184c029ef8cf7428f69
-
SSDEEP
12288:wbWIqB/A1gv9XQ7ZNlZDV3LEWI+Xx+uBW6y4qNmhU:wbyxv9XQ7B3oWI+XHW6y48
Score10/10-
Akira
Akira is a ransomware first seen in March 2023 and targets several industries, including education, finance, real estate, manufacturing, and consulting.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Renames multiple (8551) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-