General
-
Target
ea5d904dbb4d9106dd9f1047e657feb93caf8f7f570d848537d5305320745c12
-
Size
214KB
-
Sample
240625-vhcetsvclm
-
MD5
ac089205cddfe5ccf7c61c160c23884d
-
SHA1
7c22a37f5d029ca51b7fd93efb820c085db9e1fe
-
SHA256
ea5d904dbb4d9106dd9f1047e657feb93caf8f7f570d848537d5305320745c12
-
SHA512
2d6c1d57d57887419ff507759e6b8b1ecfa262e6f0a9b73e2fd3a9cda635c0a29609b87e0ea8156abe2ab8362a22c897b7d6f1d77e2141df9ce7a5a1802b21ca
-
SSDEEP
6144:hsFgc3p6ROT8QonM1d+3kGa0eYQaOqF/S/1:hsPFs6++YQaO51
Static task
static1
Behavioral task
behavioral1
Sample
1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
C:\MSOCache\All Users\akira_readme.txt
akira
https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion
https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion
Targets
-
-
Target
1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc
-
Size
573KB
-
MD5
503f112e243519a1b9e0344499561908
-
SHA1
8d635ca131d8aa20971744dcb30a9e2e1f8cd1be
-
SHA256
1b6af2fbbc636180dd7bae825486ccc45e42aefbb304d5f83fafca4d637c13cc
-
SHA512
71da9efbc24bf3428f7efd08f47e6dc698cdae769a918800de72ab4945fb79c2f5b92d21a839d9e13e700b3cfd6ae365073c32a6f368e43830c6ccba3322d00e
-
SSDEEP
12288:BV0qnXKTH2P6rxTcQpXDHgswvodgnAdA:BV0EMm6rxTcQjos
-
Akira
Akira is a ransomware first seen in March 2023 and targets several industries, including education, finance, real estate, manufacturing, and consulting.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Renames multiple (8623) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Command and Scripting Interpreter: PowerShell
Run Powershell command to delete shadowcopy.
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-