AllaSenha: AllaKore variant leverages Azure cloud C2 to steal banking details in Latin America
May 31, 2024, 12:35 p.m.
Description
Earlier in May, a security product detected a malicious payload aimed at stealing credentials required to access Brazilian bank accounts. The payload, named AllaSenha, is a variant of the infamous AllaKore RAT, leveraging Azure cloud infrastructure for command and control. It is specifically designed to target users in Latin America through an intricate infection chain involving Python scripts and a Delphi-developed loader. This analysis describes the infection chain, provides indicators of compromise, and presents the capabilities of AllaSenha malware.
Date
Published: May 31, 2024, 12:22 p.m.
Created: May 31, 2024, 12:22 p.m.
Modified: May 31, 2024, 12:35 p.m.
Indicators
Attack Patterns
AllaSenha
AllaKore
T1556.002
T1107
T1021.001
T1055.003
T1053.005
T1185
T1564.003
T1119
T1564.001
T1059.005
T1055.002
T1497.001
T1059.001
T1547.001
T1059.007
T1056.001
T1071.001
T1518.001
T1498
T1027
Additional Information
Finance
Brazil