Inside Akira Ransomware's Rust Experiment
Dec. 4, 2024, 9:21 a.m.
Tags
External References
Description
Check Point Research analyzed the Rust version of Akira ransomware that targeted ESXi servers in early 2024. The complexity of the resulting assembly is attributed to Rust idioms, boilerplate code, and compiler strategies rather than to deliberate obfuscation. The analysis reveals the ransomware's use of the seahorse CLI framework, the indicatif library for progress reporting, and a hybrid encryption scheme combining curve25519 key exchange with the SOSEMANUK stream cipher. By default the malware targets ESXi VMs, but it can also operate as general-purpose Linux ransomware. The study highlights the difficulty of reverse-engineering Rust binaries caused by aggressive inlining and optimization, and emphasizes the need for better tooling to identify spliced inline code.
Date
Published: Dec. 3, 2024, 10:42 p.m.
Created: Dec. 3, 2024, 10:42 p.m.
Modified: Dec. 4, 2024, 9:21 a.m.
Attack Patterns
Akira
Akira
T1490
T1012
T1573
T1489
T1486
T1070
T1129
T1106
T1082
T1057
T1083
T1569
T1140
T1027
T1553
T1562
T1059
Additional Information
Technology