Akira Stealer : An Undetected Python Based Info-stealer - CYFIRMA
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Direct Model Abuse Elevation Control Mechanism - T1626 Abuse Elevation Control Mechanism - T1548 Credentials - T1589.001 Credentials From Web Browsers - T1555.003 Credentials From Web Browsers - T1503 Debugger Evasion - T1622 Domains - T1583.001 Domains - T1584.001 Encrypted Channel - T1521 Encrypted Channel - T1573 Exfiltration Over C2 Channel - T1646 Exfiltration To Cloud Storage - T1567.002 File Deletion - T1070.004 File Deletion - T1630.002 Hardware - T1592.001 Hidden Window - T1564.003 Hide Artifacts - T1564 Impair Defenses - T1562 Impair Defenses - T1629 Ip Addresses - T1590.005 System Network Configuration Discovery - T1422 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 System Information Discovery - T1426 Powershell - T1059.001 Python - T1059.006 Registry Run Keys / Startup Folder - T1547.001 Screen Capture - T1513 Server - T1583.004 Server - T1584.004 Software - T1592.002 Steal Web Session Cookie - T1539 Windows Command Shell - T1059.003 Web Protocols - T1071.001 Web Protocols - T1437.001 Browser Bookmark Discovery - T1217 Data Encoding - T1132 Exfiltration Over Command And Control Channel - T1041 File Deletion - T1107 Hidden Window - T1143 Modify Registry - T1112 Powershell - T1086 Registry Run Keys / Start Folder - T1060 Screen Capture - T1113 System Information Discovery - T1082 System Network Configuration Discovery - T1016 Screen Capture
Show in Graph
Common Information
Type Value
UUID dfa913f1-6b35-468a-84c0-d51883d47a0b
Fingerprint b4962e1285b70681
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 20, 2023, 1:39 p.m.
Added to db Oct. 24, 2023, 1:06 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Akira Stealer : An Undetected Python Based Info-stealer
Title Akira Stealer : An Undetected Python Based Info-stealer - CYFIRMA
Detected Hints/Tags/Attributes 122/2/59
Source URLs
Redirection Url
Details Source https://www.cyfirma.com/outofband/akira-stealer-an-undetected-python-based-info-stealer/
URL Provider
Details Provider Source level domain
Details cyfirma.com www.cyfirma.com
Attributes
Details Type #Events CTI Value
Details Domain 26 
gofile.io
Details Domain 2 
akira.red
Details Domain 2 
store7.gofile.io
Details Domain 2 
m2.zip
Details Domain 19 
file.zip
Details Domain 6 
api.gofile.io
Details Domain 2 
store11.gofile.io
Details Domain 3 
store1.gofile.io
Details Domain 2 
store4.gofile.io
Details File 2 
3989x_nord_vpn_premium_hits.txt
Details File 2 
hidden.bat
Details File 5 
tmp.vbs
Details File 2 
csscript.exe
Details File 2 
akira.exe
Details File 1 
m2.zip
Details File 18 
file.zip
Details File 62 
fodhelper.exe
Details File 1 
c:\users\username\appdata\local\temp directory as dump.png
Details File 2 
pyst.txt
Details File 2 
inj.php
Details md5 2 
016dfdd45c8208d246d59327c40355e0
Details md5 2 
81e7ff1742d45075305a2082b1a7ac9d
Details md5 2 
4027c802411f8b4091c5c4eb077efa49
Details md5 1 
c9e84d2fed103f6c7a8f1822a42da643
Details sha256 2 
b14262297bdfc61e2103eed6d77dce42bd3076c31912b4143151dfa36f751411
Details sha256 2 
03564dc699f82f7e5d52046d82863ceddc6d657c66c0078f88cfe9cf1953187b
Details sha256 2 
50e36d96cb593c39afa2fc11ac25c976f0ff1586159d2eb2626902e6d6062f81
Details sha256 1 
3981ea2f66e197c3fb644184a33f2553fed51e175aa0402e77d1e324c96e1326
Details MITRE ATT&CK Techniques 460 
T1059.001
Details MITRE ATT&CK Techniques 333 
T1059.003
Details MITRE ATT&CK Techniques 59 
T1059.006
Details MITRE ATT&CK Techniques 365 
T1204.002
Details MITRE ATT&CK Techniques 380 
T1547.001
Details MITRE ATT&CK Techniques 78 
T1548
Details MITRE ATT&CK Techniques 52 
T1622
Details MITRE ATT&CK Techniques 107 
T1564
Details MITRE ATT&CK Techniques 297 
T1070.004
Details MITRE ATT&CK Techniques 550 
T1112
Details MITRE ATT&CK Techniques 235 
T1562
Details MITRE ATT&CK Techniques 99 
T1539
Details MITRE ATT&CK Techniques 125 
T1555.003
Details MITRE ATT&CK Techniques 29 
T1217
Details MITRE ATT&CK Techniques 1006 
T1082
Details MITRE ATT&CK Techniques 245 
T1016
Details MITRE ATT&CK Techniques 219 
T1113
Details MITRE ATT&CK Techniques 442 
T1071.001
Details MITRE ATT&CK Techniques 96 
T1132
Details MITRE ATT&CK Techniques 163 
T1573
Details MITRE ATT&CK Techniques 422 
T1041
Details MITRE ATT&CK Techniques 100 
T1567.002
Details Url 2 
https://akira.red
Details Url 2 
https://store7.gofile.io/download/direct/13d3e926-8be7-4c15-a1d9-f0e809ec1f14/m2.zip
Details Url 2 
https://akira.red/pyst.txt
Details Url 2 
https://akira.red/inj.php
Details Url 3 
https://api.gofile.io/getserver
Details Url 2 
https://store11.gofile.io/uploadfile
Details Url 3 
https://store1.gofile.io/uploadfile
Details Url 2 
https://store4.gofile.io/uploadfile
Details Url 2 
https://discord.com/api/webhooks/1145738132550078484/px0c3qsngkzqx39axjp-vkoddywvodfthl6j83epn0ndbz0o_dq7d6vhfvdcluj0rley