General
Target
16718620734.zip
Size
389KB
Sample
240417-mj23waca97
MD5
c70c713f6cae76b5842f10f0fb42303a
SHA1
e00cb29e5e0e1ee7ffd0d80f508135df79bc9c0b
SHA256
2e519ce2ad3a09ca6564d8c8908204f99c768007d612b873bb94ce8a4055320d
SHA512
601d023add19d3d3e2814b00fff6e2d379cbd2b569a26c85c043f6169c2ae1e5645442208d806c2766f2bc4757743ecbeec49692f9a539990c5e9922dd6583d4
SSDEEP
12288:982HPCT7zh1DTDiNWgospMkOVPeLgzY1zU2:98aCT7vTDaVS1ZeMv2
Static task
static1
Behavioral task
behavioral1
Sample
427eba9f6ff2cd312c72770f13e279c1.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
427eba9f6ff2cd312c72770f13e279c1.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
C:\MSOCache\akira_readme.txt
akira
https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion
https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion
Targets
Target
427eba9f6ff2cd312c72770f13e279c1
Size
1005KB
MD5
427eba9f6ff2cd312c72770f13e279c1
SHA1
221e45064829d5ca7852aa5421d5284986916d93
SHA256
101bd45ab673fd6547386dff4339f1649e61b9f5c318260d365f766fbdc2d3c9
SHA512
2101d82c1e4536536410de403bbe5b438a3688690fd3108f3c4ffc7fca90be4888b7ba088f648c68089e28e9729385ac2299d2d087f04590ff7fe6d97beb557b
SSDEEP
12288:wbWIqB/A1gv9XQ7ZNlZDV3LEWI+Xx+uBW6y4qNmhA9:wbyxv9XQ7B3oWI+XHW6y449
Score 10/10
Akira
Akira is ransomware, first seen in March 2023, that targets several industries, including education, finance, real estate, manufacturing, and consulting.
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Renames multiple (8561) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.
Drops desktop.ini file(s)
Drops file in System32 directory