Pulse Detail — Threat Intelligence

PULSE NAME

Mexican Banks and Cryptocurrency Platforms Targeted With AllaKore RAT

WHITE AlienVault 2024-01-29 Modified: 2024-02-28

300

IOCs

HIGH VOLUME

A modified AllaKore remote access tool (RAT) has been used in a long running campaign targeting banks and cryptocurrency trading entities in Mexico, according to BlackBerry cyber threat intelligence analysts and researchers.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1041 T1056 T1059 T1070 T1071 T1105 T1113 T1140 T1189 T1204 T1218 T1219 T1480 T1560 T1566 T1127 T1176 T1102 T1021

MALWARE FAMILIES

AllaKore

Indicators of Compromise (61 / 300 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 YARA domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	09096930751d28d388d3e0de003bcb7b	MD5 of e4a6be2fb70603f1545641240680b44e21b5601e8016c0d144711423eef9778e	2024-01-29
FileHash-MD5	117a5e4c3370b56b638d9af3b4c23820	MD5 of 66f5b7ca8760fb017b0750441707c24eaa916d5b8aa021b3aa92082c6129ca22	2024-01-29
FileHash-MD5	152ddf328ead07626867c1fd1a7552a4	MD5 of b00fee1c275d12a05ca8a06ab54ffac2e3e8da68fd2be450f34c36c8a38e4887	2024-01-29
FileHash-MD5	1bba062be49916885f3a0f35586a5354	MD5 of 8185e9784adfd6c2f1a286a724e7e374008667ae1f50cfa1a58451a5c33af536	2024-01-29
FileHash-MD5	1c44ac1d1fd4c804e3f62eb611017f20	MD5 of b61c027adcef5d2108dc13735cef5d4bce295f13de6032f3fee5129be74816b6	2024-01-29
FileHash-MD5	1f214640dc106550109831a121fcc51b	MD5 of 14f15b1d7951f078bbf412bb2ef774c812efff70280b86b8176994374c0e766d	2024-01-29
FileHash-MD5	208edcdd9247a2b19d26ceb43600722e	MD5 of 8d4d672eeba756c7ace20aea90219c8f7409b23ecc9c2eb47a31b1cd2d3577a6	2024-01-29
FileHash-MD5	21b7319ae748c43e413993ad57e8d08c	—	2024-01-29
FileHash-MD5	225440cd5024fce8fde73fef8c752293	MD5 of ee32169bef700d3dcceb86a101e188e5c0146a1104ee8809d1e031d93cdee36c	2024-01-29
FileHash-MD5	2573bc22aa022f9e9b1c2143546bfa1c	MD5 of 88a9e666d4231a98a909ae5780778b85ffdb8a5207b8f7dfca2a0911cc0f6580	2024-01-29
FileHash-MD5	27ec08377632940a2c21ba344fd1db7f	MD5 of 0324d8ed29829e5fa7add2bab1e73f2ad0094e80867caf57d35369a5e22fe79c	2024-01-29
FileHash-MD5	2a479fc75ca9cf2a5e9963b9fb03653d	MD5 of ec1ea0b01ad6cd431c8441dc83537c3d9ef00994f9dd76a3041ff50c2526ce38	2024-01-29
FileHash-MD5	2c84d115a74d2e9d00a14f19eb7f8129	—	2024-01-29
FileHash-MD5	314db22c84340e5b5a6e525f56465b7f	MD5 of 0835d21b60e3443892988d675f20393d79503ca6e37a889d9f7da19c321b3426	2024-01-29
FileHash-MD5	322b003960004ca168790259e7698ca5	MD5 of 46c14c2f0d04710f53db16473877d3315c13e1a33a3236846a87e8f91808c8eb	2024-01-29
FileHash-MD5	34bb581c25478368efbfbd78a55018be	MD5 of 46f5ffcc04ea1eaf09cfce1a9329624c85a5c5435d91444a55ce02fceebfd2f7	2024-01-29
FileHash-MD5	36aa3d535d259e460b27b607d2b4f5ff	MD5 of 2867d87bbc088b8cc50ff66f1d9c064cba978433cdb900649bbbb44370f8cbd1	2024-01-29
FileHash-MD5	43cb44ac65c9b0b6a94a196ce39af259	MD5 of f0dfa2297df28f64dc38da3a54bbef5c499691a8cf05de0f08e20f4f7077e67c	2024-01-29
FileHash-MD5	46ed91ae4a30b8c36989391b2cdac3ac	MD5 of 55f1b8346fc2e94791431a237d8a38fb6bb2014380b1905955d12bccb8c24e79	2024-01-29
FileHash-MD5	49bb0d45fd0f2f8ebeaebf4d704aa7ea	MD5 of ee772e1260c6adc532bed57cacdbb6e0b8db311996074ad42eaf1aefd243187a	2024-01-29
FileHash-MD5	4c5bf5e5dbd156b75f1f5b527807d081	MD5 of 7bb22d7013dede7b866ab25cbe32246228c46bd8a951b5a72557b7280ebb066f	2024-01-29
FileHash-MD5	51ded4e877aabebdc3f15fd762a446c6	MD5 of ed7da8aef7dbe652b429d64a918a943c6586e1d4cec353c84663f8b451c09874	2024-01-29
FileHash-MD5	54d32eb86daccd49e602ac522c9c8973	MD5 of cee2730a6e4100e3b865cb6fee41f77ec5a8bfce186b1e121ebb4236cd3dff88	2024-01-29
FileHash-MD5	573a5cf5d651035769bc06b1d4bcf4cb	MD5 of 0eb20898a0a3c1f4a4210a819fa0bd8f8574db3413db8b85e381ab0c1963791a	2024-01-29
FileHash-MD5	5e018d4b9eb7b19d2b5b7be452f12840	MD5 of 31e060d82ef68613d26b5e47c3934d482fc2975dad71fa6e677900cc8a938116	2024-01-29
FileHash-MD5	618930bcb601b1b4dd1eeb81c977b5b6	MD5 of 49de6df83c5fe55c4e45b5744203513832f0435dbbd7913a3ce7f827afe51236	2024-01-29
FileHash-MD5	62d9656a9cae49be6eaadb792f3d6633	MD5 of f8262a0c746bbfbb3e7cb17398953cd8391cdf416b759d4be1f1fc11611f4eb3	2024-01-29
FileHash-MD5	660b2cab59495520665c364e2949b5ce	MD5 of d5ac0f4efa8396ae9ba74cc3ea2a62485e4d49a930efed0d69b043162bb66cc2	2024-01-29
FileHash-MD5	6b63bd67a34011f41ecb33739f154503	MD5 of bf3e96bb6273890f48b566e9d484e0e747e8f21e3dbd6606a39edf98faedc7b1	2024-01-29
FileHash-MD5	7060383c480eef912b6892816ab8cc5d	MD5 of 2be8c01e5ffcabb566212268a63ef3c42db5c57d3e879abe99b06b48ac9bacda	2024-01-29
FileHash-MD5	716cf0540057c6db5c00bdb0048c40ab	MD5 of eecc201c80809b636d945aa537b954dd2e39382c36067a040a672167a1257a09	2024-01-29
FileHash-MD5	7be0a880254a4fe424ef303a3f99b4c6	MD5 of 968f90a4567cdf67885c116379c792b4eeda1f7f8bd2cf34daf8c58b17f2ec0f	2024-01-29
FileHash-MD5	8341fa92a126e836ea6a70b6e673a67c	MD5 of 1230b1a189b17a4da79bc10bde0fbb439c37997c8f927d4a80c61b006d8b3267	2024-01-29
FileHash-MD5	83ed07ab90133b6afea1d489b1952719	MD5 of c86f9d739ea3c6b57fd070892be9d1d4b3c50fca8a8c3e05cf84875378fcc649	2024-01-29
FileHash-MD5	8a8a045c1fdfd5d59a4f23cadd4d83f7	MD5 of 911e45d053bdf3a41e812203ae29db739cf3505a4e37209936c1cc83ee42e8e9	2024-01-29
FileHash-MD5	92020794e5f9ce4bb6c5ebf2dd9bde8f	MD5 of 8cc14643ec452aa35e709ae34b874e0f070a20b174e7eeb2a046351a329cdde9	2024-01-29
FileHash-MD5	92e0a6c51260441732ce0d40502b7222	MD5 of 3499e5bd9daad587e05337bae5e953f279ebee20d9cf6d2a1707be28ce6295bf	2024-01-29
FileHash-MD5	934755a80c10040ba71add09002df8b1	MD5 of c5a4bf56670d51fed1e88050eddb003f39af0e22fbb01163679fef758b000392	2024-01-29
FileHash-MD5	97653f12c426ac030ae0f986ad2bd913	MD5 of 6d3a50a354bcf2df226ce1065563755b3ab16d2e440900e3b80a9f0571c0f73a	2024-01-29
FileHash-MD5	9c2d8ddf2362e9c56a3b9efcdaab69db	MD5 of 42f1d24e135b9d3e4fd38e1ec3ab20cae495ec3526ae4037d937c6344914e923	2024-01-29
FileHash-MD5	9ca0eaeacf1c3b439fedb574f3116a8d	MD5 of 05d0dd9916646c6144506bb26cab500d807ab015609bd19634e890fbeb63e48f	2024-01-29
FileHash-MD5	a22036214cc044113df2c1c11a924f16	MD5 of 53e196f293b4f99face97449d18106f7dc9df5b9170354d1c1da27f9ec71849c	2024-01-29
FileHash-MD5	aa11bedc627f4ba588d444b977880ade	MD5 of 6d516a96d6aa39dd9fc2d745ea39658c52ab56d62ef7a56276e2e050d916e19f	2024-01-29
FileHash-MD5	aa9f029526defa5599b8f4fcfff42e9a	MD5 of 84a468a25a8c65dac51f520732d2e9e6afa6b59e4b2f485c262a9bd305cd61c0	2024-01-29
FileHash-MD5	ac2d94e83e8cfd2496a26176fff90894	MD5 of 872c58b72962c1f0696b26563425c6734cc2246d1ea3375f675c1bd1ca915e59	2024-01-29
FileHash-MD5	b8e722fbc56c680cd65ce9af9c2e809d	MD5 of c625ac5c134a74d84f8ce91504e41af15972ec71c064f7a5d31c588a8ff2c332	2024-01-29
FileHash-MD5	ba60fafc94ba74a52a723cb41ce7775d	MD5 of 56f7283604960cca96200e5da47dd6a4408086a77973f96ca230b2a583545cd8	2024-01-29
FileHash-MD5	bcc51b0ab8fa4ad50c7462a9d3b37b23	MD5 of bbd94254223f4ec3edbcc44c5d6d5ae5029c8d9c4512f02d3c61d2a28c3c5416	2024-01-29
FileHash-MD5	bd1460966ea28a518cc1e2df350e7e7d	MD5 of 301f27dc88655927ce45b0c1138b4931b0d3aa7dcfdd424315d5c7339c540e52	2024-01-29
FileHash-MD5	c420725040f7054a95b574e54c17558a	MD5 of 19d357351a29f6530624556bd31c475d56ea9ad76f31eb28f7d251fa3c751d62	2024-01-29
FileHash-MD5	c9d2c4cb12632d9b0f91340aff5ae9a9	MD5 of 61037a3321e143d85cdf77abf31f33ca5a701da0b84cef172bcf89457dfb4e7d	2024-01-29
FileHash-MD5	cc587a6c3db34983ad168a4bb1821aa5	MD5 of 8fce1d24cf952528169f473b9462724482511615ed31165710e5e3a74cefdd02	2024-01-29
FileHash-MD5	ce41379802c5cf4892fa24336751f1a5	MD5 of 40fc64907dcd0063e5f2b604fe78d0484d821cb9cda199d3cdca5e0219b43587	2024-01-29
FileHash-MD5	cfbd7a22de1b844ad0ba7abce6f4d863	MD5 of 4276b4b4504edff275a4d56b99f66b23c48b49f4081abab36bf4d8f88818e2da	2024-01-29
FileHash-MD5	cff1d6b0c120625b41fa8fab2d4bb9de	MD5 of a65091e8912e4b65458041f866d37410b46e7a9432a57e0d7dc01ca4a21f3940	2024-01-29
FileHash-MD5	d1c3a9b46579e3b325066a075cf3bb7b	MD5 of 9402128b9602fbb485be887def8cd72c3265cd09f6dbf4e0a3ad2ea42da66870	2024-01-29
FileHash-MD5	d32c074edf5321f0ddf54889f2d1c8b0	MD5 of da61eb41bffd50a07793ccc8b2ead76f5c49313445f07aa685c28523bbf39a00	2024-01-29
FileHash-MD5	d8cb1987a2b93b6df0f7e12073586e20	MD5 of 5961b42f8efad58c437bdad862a0337c6bcd57f7cbf35184f2de60f4609fd477	2024-01-29
FileHash-MD5	e5447d258c5167db494e6f2a297a9be8	—	2024-01-29
FileHash-MD5	f1dde74c10bb6cb6724038be77cbf6f7	MD5 of e2d82ab6cc71a1d8d2a2ba2312b0d8a4a3d23e3902d5b180383d9e406097a9ff	2024-01-29
FileHash-MD5	f46d8d5c357043575f1f33c6dd4b73f9	MD5 of 77607c0a0a1dcaa4f1ba27e17d5eba5d79fbbf64e1e71b8f4e03a6f724653355	2024-01-29

References (1)

↗ https://blogs.blackberry.com/en/2024/01/mexican-banks-and-cryptocurrency-platforms-targeted-with-allakore-rat