AllaSenha: AllaKore variant leverages Azure cloud C2 to steal banking details in Latin America

May 31, 2024, 12:35 p.m.

Description

Earlier in May, a security product detected a malicious payload designed to steal the credentials needed to access Brazilian bank accounts. The payload, named AllaSenha, is a variant of the well-known AllaKore RAT and uses Azure cloud infrastructure for command and control. It specifically targets users in Latin America through a multi-stage infection chain involving Python scripts and a Delphi-developed loader. This analysis describes the infection chain, provides indicators of compromise, and presents the capabilities of the AllaSenha malware.

Date

  • Created: May 31, 2024, 12:22 p.m.
  • Published: May 31, 2024, 12:22 p.m.
  • Modified: May 31, 2024, 12:35 p.m.

Indicators


Attack Patterns

  • AllaSenha
  • AllaKore
  • T1556.002
  • T1107
  • T1021.001
  • T1055.003
  • T1053.005
  • T1185
  • T1564.003
  • T1119
  • T1564.001
  • T1059.005
  • T1055.002
  • T1497.001
  • T1059.001
  • T1547.001
  • T1059.007
  • T1056.001
  • T1071.001
  • T1518.001
  • T1498
  • T1027

Additional Information

  • Finance
  • Brazil