General
-
Target
1d9544d087058210e84a0ad9650f99c71c85222d6b18e8ea89c6d2eb15ec7543.bin.sample
-
Size
1005KB
-
Sample
240618-mpqxsszcpd
-
MD5
0cb3ff08b5126d4fd6c85744b9bd6b94
-
SHA1
58631cb4001d13bf5c6da0dba8eca7539f21b121
-
SHA256
1d9544d087058210e84a0ad9650f99c71c85222d6b18e8ea89c6d2eb15ec7543
-
SHA512
815c9df0a60bc457abf4d783e21fdd0da9f56290efbb95b48b85002933fd86d847dd4d7e41c3a2a6c2c39d26c7cfc1c16b56bb973ad18945092854664a20670d
-
SSDEEP
12288:wbWIqB/A1gv9XQ7ZNlZDV3LEWI+Xx+uBW6y4qNmh0:wbyxv9XQ7B3oWI+XHW6y4c
Static task
static1
Behavioral task
behavioral1
Sample
1d9544d087058210e84a0ad9650f99c71c85222d6b18e8ea89c6d2eb15ec7543.bin.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1d9544d087058210e84a0ad9650f99c71c85222d6b18e8ea89c6d2eb15ec7543.bin.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
C:\PerfLogs\Admin\akira_readme.txt
akira
https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion
https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion
Targets
-
-
Target
1d9544d087058210e84a0ad9650f99c71c85222d6b18e8ea89c6d2eb15ec7543.bin.sample
-
Size
1005KB
-
MD5
0cb3ff08b5126d4fd6c85744b9bd6b94
-
SHA1
58631cb4001d13bf5c6da0dba8eca7539f21b121
-
SHA256
1d9544d087058210e84a0ad9650f99c71c85222d6b18e8ea89c6d2eb15ec7543
-
SHA512
815c9df0a60bc457abf4d783e21fdd0da9f56290efbb95b48b85002933fd86d847dd4d7e41c3a2a6c2c39d26c7cfc1c16b56bb973ad18945092854664a20670d
-
SSDEEP
12288:wbWIqB/A1gv9XQ7ZNlZDV3LEWI+Xx+uBW6y4qNmh0:wbyxv9XQ7B3oWI+XHW6y4c
-
Akira
Akira is a ransomware first seen in March 2023 and targets several industries, including education, finance, real estate, manufacturing, and consulting.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Renames multiple (8621) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Command and Scripting Interpreter: PowerShell
Run Powershell command to delete shadowcopy.
-
Drops startup file
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-