General
- Target: 4aecef9ddc8d07b82a6902b27f051f34.bin
- Size: 413KB
- Sample: 240905-bg5v7szdpm
- MD5: 866fa55099a94c8e770fb54503c3c528
- SHA1: b03750cd55b27619451b9d0adb96aa5c184dc19d
- SHA256: 9bbae99548d3a1a1ba72ebd1354f999afeffe25d9d482137185c018653e3133c
- SHA512: 58c5f2eddd13cb632c5053c312c2fc56ff41e71795f93a8c88b7b062e8aefda668ee5367bc406c5e3193d010815d0ad1d757666251016e927db5b572d3aa0dd4
- SSDEEP: 6144:XvYrrpCZULuR4K133ZrrJ6worfgjeQaQiQD89vLEIs9IeAvRiJPQJRczxrh:wxC6KR4KCBcMZQw9v3s9k1cVrh
Static task: static1
Behavioral task: behavioral1
- Sample: 988776358d0e45a4907dc1f4906a916f1b3595a31fa44d8e04e563a32557eb42.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 988776358d0e45a4907dc1f4906a916f1b3595a31fa44d8e04e563a32557eb42.exe
- Resource: win10v2004-20240802-en
Malware Config
- Extracted from: C:\MSOCache\All Users\akira_readme.txt
- Family: akira
- URLs:
  https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion
  https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion
Targets
- Target: 988776358d0e45a4907dc1f4906a916f1b3595a31fa44d8e04e563a32557eb42.exe
- Size: 1.0MB
- MD5: 4aecef9ddc8d07b82a6902b27f051f34
- SHA1: 8ad1b4ed98794e8f0a9a9d6fc161697974099d91
- SHA256: 988776358d0e45a4907dc1f4906a916f1b3595a31fa44d8e04e563a32557eb42
- SHA512: 605fb600668cbadb0f556589f923209def1cd3c51b123f4ce7a5325722bcca05f6bb3b26bf7a6aa52bffabe6129c508b302e85ee0a120bedd96a71a105eae437
- SSDEEP: 12288:Vpp+QIEmDzuImC01vbUE98pik+2i1NkshdMMK+AX99etq2dTdYf:Vpp+Q+u5bUI8pij1NkshdMf99etb5m
- Akira
  Akira is ransomware first seen in March 2023 that targets several industries, including education, finance, real estate, manufacturing, and consulting.
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Renames multiple (8610) files with added filename extension
  This suggests ransomware activity: encrypting all the files on the system.
- Command and Scripting Interpreter: PowerShell
  Runs a PowerShell command to delete shadow copies.
- Drops startup file
- Drops desktop.ini file(s)
- Drops file in System32 directory