General
Target: Neintitulat 1.odt
Size: 22KB
Sample: 250602-w97wgswrt9
MD5: c9ad93fa822f160ab0dd131d4637305c
SHA1: 467085117b8c5e0871e79e6fc8a491de6298c530
SHA256: 00f6b2839370180e493295143685e6d53766b8f8546effd992edbb9025535a82
SHA512: 6cb7a0566c754bb2b9005095be3c1edeb7a02883d42274c4455222e948be7934076e1f5158a8d647de98b1b74ac31857d93b0a2197230ae6acaf31c31f89f67a
SSDEEP: 384:c8LRRkDAOwZbRndaRJf+36gHPzyp8rGqR7fsxGqu64skfU0v0IyOk5vkNFsHj:cUksOwsk1PPLEUwkt0IyJVkNFuj
Static task: static1
Behavioral task: behavioral1
Sample: Neintitulat 1.odt
Resource: win11-20250502-en
Malware Config
Extracted from: C:\PerfLogs\akira_readme.txt
Family: akira
URLs:
https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion
https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion/d/7816899251-AZOSS
Targets
Akira
Akira is a ransomware family first seen in March 2023 that targets several industries, including education, finance, real estate, manufacturing, and consulting.

Akira family

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Renames multiple (9708) files with added filename extension
This suggests ransomware activity: encrypting all the files on the system.

Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

Command and Scripting Interpreter: PowerShell
Runs a PowerShell command to delete shadow copies.

Drops startup file

Executes dropped EXE

Drops desktop.ini file(s)

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v16
Credential Access
  Credentials from Password Stores (1)
    Credentials from Web Browsers (1)
  Unsecured Credentials (1)
    Credentials In Files (1)