Executive Summary
  • Check Point Research analyzed the construction and control flow of the Rust version of Akira ransomware that circulated in early 2024, which has specific features uniquely targeting ESXi servers. Our analysis demonstrates how Rust idioms, boilerplate code, and compiler strategies come together to account for the complicated assembly.
  • The report outlines principles to follow when analyzing in-the-wild (ITW) Rust binaries in general.
  • We present an analysis of the design strategies used by the malware’s authors, as indicated by the assembly and parts of the reconstructed source code.