AllaSenha: AllaKore variant leverages Azure cloud C2 to steal banking details in Latin America
Essential information
- Published: 31/05/2024 12:22
- Modified: 31/05/2024 12:35
- Tags: 2024-05-31 allakore allasenha azure banking brazil credential stealing trojan
- Related entities: 61 observables, 20 techniques (MITRE), 2 malware, 2 others
Description
Earlier in May, a security product detected a malicious payload aimed at stealing the credentials required to access Brazilian bank accounts. The payload, named AllaSenha, is a variant of the infamous AllaKore RAT and uses Azure cloud infrastructure for command and control. It specifically targets users in Latin America through an intricate infection chain involving Python scripts and a Delphi-developed loader. This analysis describes the infection chain, provides indicators of compromise, and presents the capabilities of the AllaSenha malware.