AllaSenha: AllaKore variant leverages Azure cloud C2 to steal banking details in Latin America

May 31, 2024, 12:35 p.m.

Description

Earlier in May 2024, a security product detected a malicious payload built to steal the credentials needed to access Brazilian bank accounts. The payload, named AllaSenha, is a variant of the AllaKore RAT that uses Azure cloud infrastructure for command and control. It specifically targets users in Latin America through a multi-stage infection chain involving Python scripts and a Delphi-developed loader. This analysis describes the infection chain, provides indicators of compromise, and presents the capabilities of the AllaSenha malware.

Date

Published: May 31, 2024, 12:22 p.m.

Created: May 31, 2024, 12:22 p.m.

Modified: May 31, 2024, 12:35 p.m.

Indicators

notafiscal.nfe-digital.digital

nfe-digital.digital

f2db799d892f2a7ac82bfa15826e74d778abdfa153ccafb9db1fdf56a0248a40

f848c0f66afc7b5a10f060c1db129529a974ae0ad71a767f7c7793351bb7ca04

f00cb0603c055c85c7cdf9963d919d527b13013c182dc115ba733d28da57b1d9

eb2cd71e72ff676d80eb746b961840fea3601d8f6402201d7c0e849a670240ee

e7aa64726783ec6f7249483e984ae20b31a091a488a3ed0f83c210702c506d20

e50bde1e319e699f587d3b5403c487e46deed61cc3f078fe951e7cb9f6896259

dd3f1829cc743942d1fc3719c8d8162bc45ca624352ac71f43c08dafd54bbb7f

d9877dc1ba0f977d100e687da59c216454d27e3988532652ac8f6331debbd071

d051c0aee007f2a1d0026330719a45e81c726251015837e66cf9348df3bd7210

cd9f5773bd7672a3e09f2d05ef26775e8c7241879d5f4d13c5c5bc1704c49fa1

c300749ea44f886be1887b3e19b946efbdbbc3e1bf3e416c78cfbff8d23bf70a

c0bf82a3f7807e0c88076e0d500b07e253b106914058b02e112d45eeb6209998

b8b3963967232916cd721a22c80c11cd33057bd5629dcfa3f4b03d8a6dbf1403

b2e1f630c4593830ead91e7f3615d8d5214762dc5a1dd65bef7382d6f6c9f258

b152346c2679392d7e15d1cc72a39a21d24e55360c4c1c845ef3524924e93fa9

ac4b4b6cfe4d4e8710384246c008764cdb7547a6c3081e72687fefdf0614c7a5

ab3a284ae6e4e466a0715c162cfab85d75522bec48fa25947b16a0891ec2358a

a839dfbe1e7979dbd15ef6c5e472afb3efca044ee8ad27185b01161ce01e4f36

a6d995d015c16985b456bcc5cd44377c3e5e5cf72b17771eadc51e1d02a3c6ef

8a1aba66841ae4b20df95eea8a271538453a76a53596fd3254d47d4d57a3ab3a

99d0de52a63e5ff790e468dbb8cd0d5273b51ca3b67b5963c0bdedc3a4f44f12

883c49b7c869019951eff94699480a7ecc97c9c45060a15797ecbd5fce060d26

7e0051d9221c13a47245359a2cd2804b4d3d9302a321fc8085da1cf1a64bac91

8424e76c9a4ee7a6d7498c2f6826fcde390616dc65032bebf6b2a6f8fbf4a535

7232e3318fdc370e611b2bcbaaec3d58a0d687927714c24dc81fe60767d53a31

6f05d8f85384808036d3c77732b056e2b9cd429587a77b6be3ccdbd4bb558023

65d86160cd4a08d60ada7fcafb7ed9493bf6dacfa098dba27f7851f1bb8de841

643563613fb78f88fd90a6cf253ace9e9e6686568fdf6b6d7ec9760667d4d72b

6149a3d1cff3afe3ebb9ac091844a3b7db7533aa69801c98d00b19cdb8b18c9e

610f0ec33603ef4d1fd6530a8f6b0121a4c9cc62fb6fa2ceee8e2f5b2f866e4c

5782b9bc96ce5ad011c122496ff0ff0dc08d6444c6d2e98606ada82130d5f21a

561e6a42e23d12abe6bba8c98f84c3ba7c45a5df840bfa6fd0dfea803c9b4b7e

46e754727efdc2c891319d25a67ee999a4d8a0b21b0113db08eead42cf51b780

4546bc56c85ad2967859dc34b2c84f15891fcd192e86bfc630c49dc8d59e3e71

3c89775ae7c35fe3d1ec7e75ac9d4a19959d082d31ab412af243125440ffea6c

40c37bfcc9b0e0d1b3840cb7c751162fec91fe833d4caf4a17bc8b97d53c88b5

3b450994add1e3a206c56a7f8fd28e4132cffb27f3df345e07e8908d7989751f

3962c8a4d0472f91d4be45140eccf661ad6c579319953156dec438dc6a07eeb2

3b0eb25ed6c0dff76a613bdcfd20ca1d2f482e3c1739747bf50834ca784e66bb

35329c2fb7a1844576a5defd5d9a7d250d78db51479b2612e3923e18539b0695

2c1251ae1ec9d417bbbdd1f6ac99baa3f16a7639d0c12cb2883ef8c22c73e58e

2c53b4dc15882cf22772994d8ed0947e4a8b70aef3a12ab190017b3317c167ea

278897ee9158f9843125bc2e26c14f96c4e79d5fc578b7e5973dc8dc919a3400

1b4f44a00f61b3e0c8cd6c3125f03b6d4897d6ab90c8a6dc899ed96acee80dd6

21e22c4736e7567b198b505ed303c3ca933e0c2d931b886756f6db18a9884a75

19c02c5724622be4eedff95633f3fbaa604449aa50cc0761693bb8adb1e8cf97

0d94547a0b8f9795e97e2a4a58b0ece65b4ea4b6e6019cbc96e1c79f373b4587

19594c51c61fc5fd833ddd0eecb648acebdf4d789b337f00cda0a03efbb1afcf

010d9f1f16c01db5ff37ff9b519d7ecf3be096e00ae597d7bec12b7099b2f852

https://notafiscal.nfe-digital.digital/nota-estadual/?notafiscal=

https://dpsols7.autodesk360.com/shares/download/file/SHd38bfQT1fb47330c99c55d44aacebd2ec7/dXJuOmFkc2sud2lwcHJvZDpmcy5maWxlOnZmLjhZc1hBS2Q2VHNDa0Z1NkZ0Q2tQdHc_dmVyc2lvbj00?b44bb61abebf41d695a4580f072d9b74 (Stager)

http://jucatyo6.autodesk360.com/shares/download/file/SHd38bfQT1fb47330c999c2a86b9a6d091b6/dXJuOmFkc2sud2lwcHJvZDpmcy5maWxlOnZmLnY0Uk5ubHlyU0JXd0hlLXJyZWk0T2c_dmVyc2lvbj0x?bfccc0fd975348c980dd89e57f94815f (Stager)

nota-fiscal.nfe-digital.top

jucatyo6.autodesk360.com

dpsols7.autodesk360.com

nfe-digital.top

nfe-digital.site

nfe-digital.online

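The list above mixes SHA-256 hashes, domains and URLs, two of the URLs carry a "|Stager" tag fused onto the end, and some hosts (the autodesk360.com shares) sit on a legitimate file-sharing service where only the specific host or URL should be blocked, not the parent domain. The following script is an added example, not code from the original report: it normalizes such a feed into typed sets, strips the tag, collapses duplicates, and checks that every URL host is also covered by a domain indicator. The `SAMPLE_INDICATORS` text is a constructed slice of the list above with one deliberate duplicate hash and a mixed-case hash added to exercise normalization.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a slice of the indicator list above plus one duplicate
# hash (uppercased) to show deduplication and case folding.
SAMPLE_INDICATORS = """
notafiscal.nfe-digital.digital
nfe-digital.digital
f2db799d892f2a7ac82bfa15826e74d778abdfa153ccafb9db1fdf56a0248a40
f848c0f66afc7b5a10f060c1db129529a974ae0ad71a767f7c7793351bb7ca04
https://notafiscal.nfe-digital.digital/nota-estadual/?notafiscal=
https://dpsols7.autodesk360.com/shares/download/file/SHd38bfQT1fb47330c99c55d44aacebd2ec7/dXJuOmFkc2sud2lwcHJvZDpmcy5maWxlOnZmLjhZc1hBS2Q2VHNDa0Z1NkZ0Q2tQdHc_dmVyc2lvbj00?b44bb61abebf41d695a4580f072d9b74|Stager
http://jucatyo6.autodesk360.com/shares/download/file/SHd38bfQT1fb47330c999c2a86b9a6d091b6/dXJuOmFkc2sud2lwcHJvZDpmcy5maWxlOnZmLnY0Uk5ubHlyU0JXd0hlLXJyZWk0T2c_dmVyc2lvbj0x?bfccc0fd975348c980dd89e57f94815f|Stager
nota-fiscal.nfe-digital.top
jucatyo6.autodesk360.com
dpsols7.autodesk360.com
nfe-digital.top
F2DB799D892F2A7AC82BFA15826E74D778ABDFA153CCAFB9DB1FDF56A0248A40
"""

SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")
# Hostname: one or more LDH labels followed by an alphabetic TLD.
DOMAIN_RE = re.compile(
    r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.IGNORECASE
)


def parse_indicator(line):
    """Return (kind, value, tag) for one feed line, or None for a blank line.

    kind is one of 'sha256', 'url', 'domain', 'unknown'. A trailing '|tag'
    on a URL (the feed's label, e.g. 'Stager') is split off into tag.
    """
    line = line.strip()
    if not line:
        return None
    if SHA256_RE.match(line):
        return ("sha256", line.lower(), None)
    if line.lower().startswith(("http://", "https://")):
        url, _, tag = line.partition("|")
        return ("url", url.strip(), tag.strip() or None)
    if DOMAIN_RE.match(line):
        return ("domain", line.lower(), None)
    return ("unknown", line, None)


def normalize(text):
    """Group a raw indicator listing into typed, deduplicated collections."""
    iocs = {"sha256": set(), "domain": set(), "url": {}, "unknown": []}
    for line in text.splitlines():
        parsed = parse_indicator(line)
        if parsed is None:
            continue
        kind, value, tag = parsed
        if kind == "url":
            iocs["url"][value] = tag          # dict keyed by URL: dedupes, keeps tag
        elif kind == "unknown":
            iocs["unknown"].append(value)     # surface for manual review
        else:
            iocs[kind].add(value)
    return iocs


def url_hosts_not_in_domains(iocs):
    """Hosts that appear only inside URL indicators and lack a domain entry.

    A non-empty result means a DNS-level block built from the domain set
    alone would miss that host; match on the full host or URL instead.
    """
    hosts = {urlparse(u).hostname for u in iocs["url"]}
    return sorted(h for h in hosts if h and h not in iocs["domain"])


if __name__ == "__main__":
    result = normalize(SAMPLE_INDICATORS)
    for kind in ("sha256", "domain", "url", "unknown"):
        print(f"{kind}: {len(result[kind])}")
    print("URL hosts without a domain indicator:", url_hosts_not_in_domains(result))
```

When applied to the full list, keep the autodesk360.com entries at host or URL granularity; the feed itself lists the two tenant subdomains rather than the apex, which is the right scope for blocking.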

Attack Patterns

AllaSenha

AllaKore

T1556.002

T1107 (revoked; File Deletion is now T1070.004)

T1021.001

T1055.003

T1053.005

T1185

T1564.003

T1119

T1564.001

T1059.005

T1055.002

T1497.001

T1059.001

T1547.001

T1059.007

T1056.001

T1071.001

T1518.001

T1498

T1027

Additional Information

Finance

Brazil