Security Articles

AllaSenha: AllaKore variant leverages Azure cloud C2 to steal banking details in Latin America

Released on 2024-05-31 @ 12:22:14 PM

Earlier in May, a security product detected a malicious payload aimed at stealing credentials required to access Brazilian bank accounts. The payload, named AllaSenha, is a variant of the infamous AllaKore RAT and uses Azure cloud infrastructure for command and control. It is specifically designed to target users in Latin America through an intricate infection chain involving Python scripts and a Delphi-developed loader. This analysis describes the infection chain, provides indicators of compromise, and presents the capabilities of the AllaSenha malware.