General
-
Target
RansomwareAkira.exe
-
Size
1.0MB
-
Sample
241105-pmccqssajl
-
MD5
feb81a8d7e0f91d6f74b440cdd3c2f28
-
SHA1
8c479629f45d8d9ea5e6ed48a3eeb9917fb7ad07
-
SHA256
aaa7799edfd86b52438a9e0d71f8069cbcbe1988036b95888fcdc553e729b7b9
-
SHA512
bf83affcd1ea656e05f18e55eb23cce2e2cb33ca6f24f5c22374c6f1d41f6277794c21f926939028326c043798bf34f14194b3ad51cee763b053e7a519199623
-
SSDEEP
12288:Vpp+QIEmDzuImC01vbUE98pik+2i1NkshdMMK+AX99etq2dTd7f:Vpp+Q+u5bUI8pij1NkshdMf99etb5R
Static task
static1
Behavioral task
behavioral1
Sample
RansomwareAkira.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
RansomwareAkira.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
C:\MSOCache\All Users\akira_readme.txt
akira
https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion
https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion/d/3175904882-XTBIJ
Targets
-
-
Target
RansomwareAkira.exe
-
Size
1.0MB
-
MD5
feb81a8d7e0f91d6f74b440cdd3c2f28
-
SHA1
8c479629f45d8d9ea5e6ed48a3eeb9917fb7ad07
-
SHA256
aaa7799edfd86b52438a9e0d71f8069cbcbe1988036b95888fcdc553e729b7b9
-
SHA512
bf83affcd1ea656e05f18e55eb23cce2e2cb33ca6f24f5c22374c6f1d41f6277794c21f926939028326c043798bf34f14194b3ad51cee763b053e7a519199623
-
SSDEEP
12288:Vpp+QIEmDzuImC01vbUE98pik+2i1NkshdMMK+AX99etq2dTd7f:Vpp+Q+u5bUI8pij1NkshdMf99etb5R
-
Akira
Akira is a ransomware first seen in March 2023 and targets several industries, including education, finance, real estate, manufacturing, and consulting.
-
Akira family
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Renames multiple (8634) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Command and Scripting Interpreter: PowerShell
Run Powershell command to delete shadowcopy.
-
Drops startup file
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-