General
-
Target
2e88e55cc8ee364bf90e7a51671366efb3dac3e9468005b044164ba0f1624422.sample.bin
-
Size
1005KB
-
Sample
240904-qvqe1ascqg
-
MD5
2940779f88cf063ca5dcf861ec7bf325
-
SHA1
de858b475bf1b0c16bbc0ab15b21690f739344cd
-
SHA256
2e88e55cc8ee364bf90e7a51671366efb3dac3e9468005b044164ba0f1624422
-
SHA512
4ab9b45b82f33c1e2683c3a105151262ff48711319f875a0ec9ad61d2017bfe027b0981b10f6d3b7c9d18691d9dac8f0f72cb7e344ef9839689f8eb58a813a99
-
SSDEEP
12288:wbWIqB/A1gv9XQ7ZNlZDV3LEWI+Xx+uBW6y4qNmhj:wbyxv9XQ7B3oWI+XHW6y4r
Static task
static1
Behavioral task
behavioral1
Sample
2e88e55cc8ee364bf90e7a51671366efb3dac3e9468005b044164ba0f1624422.sample.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2e88e55cc8ee364bf90e7a51671366efb3dac3e9468005b044164ba0f1624422.sample.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
C:\PerfLogs\Admin\akira_readme.txt
akira
https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion
https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion
Targets
-
-
Target
2e88e55cc8ee364bf90e7a51671366efb3dac3e9468005b044164ba0f1624422.sample.bin
-
Size
1005KB
-
MD5
2940779f88cf063ca5dcf861ec7bf325
-
SHA1
de858b475bf1b0c16bbc0ab15b21690f739344cd
-
SHA256
2e88e55cc8ee364bf90e7a51671366efb3dac3e9468005b044164ba0f1624422
-
SHA512
4ab9b45b82f33c1e2683c3a105151262ff48711319f875a0ec9ad61d2017bfe027b0981b10f6d3b7c9d18691d9dac8f0f72cb7e344ef9839689f8eb58a813a99
-
SSDEEP
12288:wbWIqB/A1gv9XQ7ZNlZDV3LEWI+Xx+uBW6y4qNmhj:wbyxv9XQ7B3oWI+XHW6y4r
-
Akira
Akira is a ransomware first seen in March 2023 and targets several industries, including education, finance, real estate, manufacturing, and consulting.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Renames multiple (8600) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Command and Scripting Interpreter: PowerShell
Run Powershell command to delete shadowcopy.
-
Drops startup file
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-