Mexican Banks and Cryptocurrency Platforms Targeted With AllaKore RAT
Common Information
UUID: 97963db9-6421-4daf-aece-4026b00148ab
Fingerprint: 4d9d609b7d650090
Analysis status: DONE
Considered CTI value: 2
Text language:
Published: Jan. 24, 2024, midnight
Added to db: Aug. 31, 2024, 1:43 a.m.
Last updated: Nov. 17, 2024, 6:56 p.m.
Headline: Mexican Banks and Cryptocurrency Platforms Targeted With AllaKore RAT
Title: Mexican Banks and Cryptocurrency Platforms Targeted With AllaKore RAT
Detected Hints/Tags/Attributes: 59/3/16
RSS Feed
Id: 56
Enabled:
Feed title: Latest Articles - BlackBerry Blogs
Url: https://blogs.blackberry.com/en/feed.rss
Added to db: 2024-08-30 22:08
Attributes (type, number of events, value)
sha256 (1 event): 942865d0c76b71a075b21525bd32a1ceca830071e5c61123664bd332c7a8de2a
MITRE ATT&CK Techniques (183 events): T1189
MITRE ATT&CK Techniques (106 events): T1204.001
MITRE ATT&CK Techniques (460 events): T1059.001
MITRE ATT&CK Techniques (39 events): T1218.007
MITRE ATT&CK Techniques (48 events): T1480
MITRE ATT&CK Techniques (297 events): T1070.004
MITRE ATT&CK Techniques (504 events): T1140
MITRE ATT&CK Techniques (492 events): T1105
MITRE ATT&CK Techniques (442 events): T1071.001
MITRE ATT&CK Techniques (141 events): T1219
MITRE ATT&CK Techniques (118 events): T1056.001
MITRE ATT&CK Techniques (219 events): T1113
MITRE ATT&CK Techniques (422 events): T1041
Yara rule (1 event):
rule MX_fin_downloader_kaje_decode_func {
	meta:
		author = "BlackBerry Threat Research & Intelligence Team"
		description = "Locates .NET function that deobfuscates kaje filename"
		date = "2023-12-19"
	strings:
		$s1 = { 1A 8D ?? 00 00 01 25 16 1F 6A 06 58 D2 9C 25 17 1F 62 06 59 D2 9C 25 18 1F 6B 06 59 D2 9C 25 19 1F 66 06 59 D2 9C 0B }
	condition:
		all of them
}
Yara rule (1 event):
rule MX_fin_custom_allakore_rat {
	meta:
		author = "BlackBerry Threat Research & Intelligence Team"
		description = "Find MX fin custom function names and prefixes."
		date = "2023-12-19"
	strings:
		$main = "<|MAINSOCKET|>"
		$cnc1 = "<|MANDAFIRMA|>"
		$cnc2 = "<|FIRMASANTA|>"
		$cnc3 = "<|MENSAJE" wide
		$cnc4 = "<|DESTRABA" wide
		$cnc5 = "<|TOKEN" wide
		$cnc6 = "<|TRABAR" wide
		$cnc7 = "<|USU" wide
		$cnc8 = "<|ACTUALIZA|>" wide
		$cnc9 = "<|BANA" wide
		$cnc10 = "<|CLAVE" wide
	condition:
		uint16(0) == 0x5A4D and $main and 2 of ($cnc*) and filesize > 5MB and filesize < 12MB
}