General
-
Target
643061ac0b51f8c77f2ed202dc91afb9879f796ddd974489209d45f84f644562.bin.sample
-
Size
1005KB
-
Sample
240904-mfa5zsyakp
-
MD5
d24cd19a50e6d574a0cfdfc07c6d22bb
-
SHA1
4f43f7a18761312f7e71c2fbdef2cae39c55cf56
-
SHA256
643061ac0b51f8c77f2ed202dc91afb9879f796ddd974489209d45f84f644562
-
SHA512
3f54dc10639a5b4ef551da63cd1487d0c966fc564e40ac9edc042c7dacd69a83f1d4aad4b92fbcdbb2403b0dcafc31c3c2cd7abb5f1c3d0d7ae63311a0b1bb1d
-
SSDEEP
12288:wbWIqB/A1gv9XQ7ZNlZDV3LEWI+Xx+uBW6y4qNmhz:wbyxv9XQ7B3oWI+XHW6y4r
Static task
static1
Behavioral task
behavioral1
Sample
643061ac0b51f8c77f2ed202dc91afb9879f796ddd974489209d45f84f644562.bin.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
643061ac0b51f8c77f2ed202dc91afb9879f796ddd974489209d45f84f644562.bin.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
C:\PerfLogs\Admin\akira_readme.txt
akira
https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion
https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion
Targets
-
-
Target
643061ac0b51f8c77f2ed202dc91afb9879f796ddd974489209d45f84f644562.bin.sample
-
Size
1005KB
-
MD5
d24cd19a50e6d574a0cfdfc07c6d22bb
-
SHA1
4f43f7a18761312f7e71c2fbdef2cae39c55cf56
-
SHA256
643061ac0b51f8c77f2ed202dc91afb9879f796ddd974489209d45f84f644562
-
SHA512
3f54dc10639a5b4ef551da63cd1487d0c966fc564e40ac9edc042c7dacd69a83f1d4aad4b92fbcdbb2403b0dcafc31c3c2cd7abb5f1c3d0d7ae63311a0b1bb1d
-
SSDEEP
12288:wbWIqB/A1gv9XQ7ZNlZDV3LEWI+Xx+uBW6y4qNmhz:wbyxv9XQ7B3oWI+XHW6y4r
-
Akira
Akira is a ransomware first seen in March 2023 and targets several industries, including education, finance, real estate, manufacturing, and consulting.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Renames multiple (8632) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Command and Scripting Interpreter: PowerShell
Run Powershell command to delete shadowcopy.
-
Drops startup file
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-