General
-
Target
16692783061.zip
-
Size
406KB
-
Sample
240417-mq8h8scc73
-
MD5
4f90d2b26baf3a7f91b4136e08c4d9eb
-
SHA1
35ab7de77975536bdb9053f77f93965a780f75d7
-
SHA256
a239af15b04d862a1023caf0da00415d7d6aeab8d7010ad79561ad9f1180ac30
-
SHA512
27e5b9becef7191a466fd666c00fcaaf5e3788085d13f817f87a3831a1085046c69887bfeb33d602d4754caccc52c3d98aa7bbbc270a630e346a9907434b89e6
-
SSDEEP
12288:Y2C6EwF2I0yClBTxvlTekgEkKdpqJtUMni7:Y2CdG2FywbtLged4JWL
Static task
static1
Behavioral task
behavioral1
Sample
976f3bd36844a826e70065762e85242105420f8c2e8b755fb29c1de0b604d0d0.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
976f3bd36844a826e70065762e85242105420f8c2e8b755fb29c1de0b604d0d0.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
C:\PerfLogs\akira_readme.txt
akira
https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion
https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion
Targets
-
-
Target
976f3bd36844a826e70065762e85242105420f8c2e8b755fb29c1de0b604d0d0
-
Size
1005KB
-
MD5
c0bee5d054345131355452ef0c057697
-
SHA1
0edf5e5feae982f3c564875ee01f82e5068f94ac
-
SHA256
976f3bd36844a826e70065762e85242105420f8c2e8b755fb29c1de0b604d0d0
-
SHA512
abcdbf6461117eeac77ea6f34431a9660dfeb643799d10e687d661c3e243302c771d3a590998e206a46addbf1ec1a58396d57d41ab0a804c960aed396bfb127e
-
SSDEEP
12288:wbWIqB/A1gv9XQ7ZNlZDV3LEWI+Xx+uBW6y4qNmh4:wbyxv9XQ7B3oWI+XHW6y4g
Score10/10-
Akira
Akira is a ransomware first seen in March 2023 and targets several industries, including education, finance, real estate, manufacturing, and consulting.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Renames multiple (8543) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops startup file
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-