General
Target: 9ca333b2e88ab35f608e447b0e3b821a6e04c4b0c76545177890fb16adcab163.zip
Size: 266KB
Sample: 250601-wx4cja1lw2
MD5: 622d483fe58c9f00fb74d240aec42fbb
SHA1: 52c771419c2179197ae6ad9b420ad8d31618ba5d
SHA256: c46cd5250c89745614dce59a00992c70cc824957dd94626068a7e35d89beead6
SHA512: ee59cbf200cf0de08eddb887c061e76566f0c936e2f000b446139c870d0ef6ac1fe70e2b893db392f50c5ec474c411696dc4cdea3d0d9c0abb8e3d1ed0c28ca1
SSDEEP: 6144:/T6DqYI8Aca5ZvzwfEeus1W//gOitxMMZ16efViRfz+jzyBKdbi:/TcDzaRzwS/gOitP6efVYwi
Static task: static1
Behavioral task: behavioral1
Sample: 9ca333b2e88ab35f608e447b0e3b821a6e04c4b0c76545177890fb16adcab163.exe
Resource: win11-20250502-en
Malware Config
Extracted
Path: C:\Users\akira_readme.txt
Family: akira
URLs:
https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion
https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion
Targets
Target: 9ca333b2e88ab35f608e447b0e3b821a6e04c4b0c76545177890fb16adcab163.exe
Size: 573KB
MD5: e148dee0132f5d20c01fbb4a3fc87b47
SHA1: b70b0784e43404f66a282231c65723aa66c63891
SHA256: 9ca333b2e88ab35f608e447b0e3b821a6e04c4b0c76545177890fb16adcab163
SHA512: 2408bb426d0c859445837ee47599fe58cdee04ddbc8d34114a5203b4e81faee77c371a5974c13cae8af16fb5d909af648acceecc7a132405ba328c330ec07382
SSDEEP: 12288:BV0qnXKTH2P6rxTcQpXDHgswvodgBAdA:BV0EMm6rxTcQjos
Signatures
- Akira
  Akira is a ransomware family first seen in March 2023 that targets several industries, including education, finance, real estate, manufacturing, and consulting.
- Akira family
- Process spawned unexpected child process
  This typically indicates that the parent process was compromised via an exploit or a macro.
- Renames multiple (8814) files with added filename extension
  This suggests ransomware activity: the files on the system are being encrypted.
- Command and Scripting Interpreter: PowerShell
  Runs a PowerShell command to delete shadow copies.
- Drops desktop.ini file(s)