General
-
Target
win.exe
-
Size
1005KB
-
Sample
240716-n76lms1gqm
-
MD5
773fcd0432808e74bfb863489799dd05
-
SHA1
c8008c0d50ddf9757c2e11b11d94dae0c5307915
-
SHA256
2bfe3fba2e94b1a4f8ae0ea767b64084390155bb4d57cc39e13c15b181f8d377
-
SHA512
7714265c16c7bfd5786eb423583a3ab8f71daec5d6ace00d7613522aaa26b8fcea28c63bc294e99a84e8131896d6ca425abde4c354b2d78059fb5075b42adb45
-
SSDEEP
12288:wbWIqB/A1gv9XQ7ZNlZDV3LEWI+Xx+uBW6y4qNmhE:wbyxv9XQ7B3oWI+XHW6y48
Static task
static1
Behavioral task
behavioral1
Sample
win.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
win.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
C:\PerfLogs\Admin\akira_readme.txt
akira
https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion
https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion
Targets
-
-
Target
win.exe
-
Size
1005KB
-
MD5
773fcd0432808e74bfb863489799dd05
-
SHA1
c8008c0d50ddf9757c2e11b11d94dae0c5307915
-
SHA256
2bfe3fba2e94b1a4f8ae0ea767b64084390155bb4d57cc39e13c15b181f8d377
-
SHA512
7714265c16c7bfd5786eb423583a3ab8f71daec5d6ace00d7613522aaa26b8fcea28c63bc294e99a84e8131896d6ca425abde4c354b2d78059fb5075b42adb45
-
SSDEEP
12288:wbWIqB/A1gv9XQ7ZNlZDV3LEWI+Xx+uBW6y4qNmhE:wbyxv9XQ7B3oWI+XHW6y48
-
Akira
Akira is a ransomware first seen in March 2023 and targets several industries, including education, finance, real estate, manufacturing, and consulting.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Renames multiple (9053) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Command and Scripting Interpreter: PowerShell
Run Powershell command to delete shadowcopy.
-
Drops startup file
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-