Pulse Detail — Threat Intelligence

PULSE NAME

Greedy Sponge Targets Mexico with AllaKore RAT and SystemBC

WHITE Greedy Sponge AlienVault 2025-08-21 Modified: 2025-08-21

139

IOCs

HIGH VOLUME

A financially motivated threat group dubbed Greedy Sponge has been targeting Mexican organizations since 2021 with a modified version of AllaKore RAT and SystemBC malware. The group uses spear-phishing and drive-by downloads to deliver custom packaged installers containing the RAT. Recent updates include improved geofencing, more potent secondary infections, and enhanced credential stealing capabilities. The AllaKore payload has been heavily modified to enable theft of banking credentials and authentication information. The group has shown consistent development of their tactics and techniques over time, demonstrating persistence and some level of operational success. Despite their longevity, they are not considered highly advanced, focusing primarily on financial fraud against Mexican entities across various industries.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1113 T1132.001 T1056.001 T1548.002 T1204.002 T1218.007 T1140 T1555 T1218.003 T1041 T1547.001 T1070.004 T1071.001 T1059.005 T1105 T1591.001

MALWARE FAMILIES

AllaKore RAT SystemBC

Indicators of Compromise (139)

All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain

TYPE	INDICATOR	DESCRIPTION	CREATED
CVE	CVE-2025-20265	—	2025-08-21
CVE	CVE-2025-25256	—	2025-08-21
FileHash-MD5	058bde7b3385b70d59120b24390377af	—	2025-08-21
FileHash-MD5	09096930751d28d388d3e0de003bcb7b	—	2025-08-21
FileHash-MD5	12dbbfccd463ec884f788abd5933f8aa	—	2025-08-21
FileHash-MD5	29a9d202ba2d46047edba9539abba0cd	—	2025-08-21
FileHash-MD5	2f0b96c3262108012dcf9a940ae461da	—	2025-08-21
FileHash-MD5	30f6cb0f6d417cd2cb9756dc5d05d4cd	—	2025-08-21
FileHash-MD5	35932f5856dbf8ba51e048b3b2bb2d7b	—	2025-08-21
FileHash-MD5	40291ec2bd7f23aa76435d5d14f96758	—	2025-08-21
FileHash-MD5	42300099a726353abfddbfdd5773de83	—	2025-08-21
FileHash-MD5	47ead282cd7c6a667d9b4cc9b0c6935e	—	2025-08-21
FileHash-MD5	59401f25ac88f1c1fe0a5981dc29ea57	—	2025-08-21
FileHash-MD5	59c6ae6bbe3d048d267d4900c9585828	—	2025-08-21
FileHash-MD5	733f33faedb263d914163043b5242f0a	—	2025-08-21
FileHash-MD5	746c9f8f002fb8569d19cb2cdc1295ed	—	2025-08-21
FileHash-MD5	750a33531763724e8db051750a08cf99	—	2025-08-21
FileHash-MD5	768a78b4b12efe721139c474fbf139f4	—	2025-08-21
FileHash-MD5	81444a9c9f74be2c8ba32542bcc68bab	—	2025-08-21
FileHash-MD5	a3d03ec08345e7cf02818122fc5b31f3	—	2025-08-21
FileHash-MD5	a50d0d1bf9ab8291e986e59ebd92be14	—	2025-08-21
FileHash-MD5	aa8b32b21dcf44a332f9c9d13af3cd7d	—	2025-08-21
FileHash-MD5	ac2fa680544b1b1e452753b78b460a59	—	2025-08-21
FileHash-MD5	ac69851a5144e0eb28923ca2e3b8cbe2	—	2025-08-21
FileHash-MD5	b2cb036f919d3cd003023c95c4bbb983	—	2025-08-21
FileHash-MD5	b4c5d6749222539ff6fb6c83174867ea	—	2025-08-21
FileHash-MD5	b90a102fccedad57b06dc8fb6a58895b	—	2025-08-21
FileHash-MD5	bd3782580c0ddbda2288b2d5d5a72258	—	2025-08-21
FileHash-MD5	bd9d9a4be3d93acf3228607b435a4828	—	2025-08-21
FileHash-MD5	c48f0372aecf3a7c3d8fab599e7afcde	—	2025-08-21
FileHash-MD5	c74e97cf0086782ab8d22919b11f9c9d	—	2025-08-21
FileHash-MD5	cddc9f377fc5a70ee8140f763aa52f98	—	2025-08-21
FileHash-MD5	d355ff7b4e022eff5c2b5a5aabae5ad0	—	2025-08-21
FileHash-MD5	df9b2ff8bd9164ae0f2c802c555d2c4f	—	2025-08-21
FileHash-MD5	e641690408faf6320fd7c820644ec889	—	2025-08-21
FileHash-MD5	e78fa70b0e38c7c8c29048cebba2dd74	—	2025-08-21
FileHash-SHA1	053224db09cd1aba855bdc7a62b41d4268ca9660	—	2025-08-21
FileHash-SHA1	097b9cbf30c4a6e47d65195be29ca685e4ab9ad3	—	2025-08-21
FileHash-SHA1	1898b0a6a48af5d6cd71ff81179f8825e93f7d0f	—	2025-08-21
FileHash-SHA1	1a86ef6a14ce9c933059f1f394f1a4ad677ad6cb	—	2025-08-21
FileHash-SHA1	1c7977cb15aac2ce3da358cb3e94e59ec2adfb0e	—	2025-08-21
FileHash-SHA1	2254c143b228f500a7805e151598ae83d82ea1a9	—	2025-08-21
FileHash-SHA1	25bab55bf08f9a2a3060bbd5a3313816c6d0ad8c	—	2025-08-21
FileHash-SHA1	379a4288dc5dd66bc1d9b50d7008eca1e71b8fdf	—	2025-08-21
FileHash-SHA1	38f32c2fc431920a718a7abefb1e12d75165519c	—	2025-08-21
FileHash-SHA1	3c529a9645899552de16107d532c6cfa8f34a33b	—	2025-08-21
FileHash-SHA1	4168a649e09e85aab7c07de99a53c24990562d80	—	2025-08-21
FileHash-SHA1	4a854ff7cd0bd1c23412904f029160c708e9e9ad	—	2025-08-21
FileHash-SHA1	4fb30655039867989a5db2a2d56e41950b41761c	—	2025-08-21
FileHash-SHA1	57ea5bc924cd3eb727cde351cabe608f62517872	—	2025-08-21
FileHash-SHA1	632504b6f0b8ce84f044d794520e5afb7f0842f9	—	2025-08-21
FileHash-SHA1	64e3bece71f9c91d294799b075627d14031e6672	—	2025-08-21
FileHash-SHA1	6b7dde439ad72bb1f5d55bb8a131cddaf8cd1ec2	—	2025-08-21
FileHash-SHA1	6caa48106922760797365bc226c7573b4f628675	—	2025-08-21
FileHash-SHA1	6f6b21d087b4d292ac5100513ae42ff8a4798cb6	—	2025-08-21
FileHash-SHA1	78791b563a04685fc96e9f8b46ab292a214d3b5b	—	2025-08-21
FileHash-SHA1	88ccadf87258fdccab1184a673200c28f549ca9c	—	2025-08-21
FileHash-SHA1	915592d3a7282f484a1bb1c87524241572e0ded7	—	2025-08-21
FileHash-SHA1	976801a4e902758d5c96f117037af0e03c59ccdf	—	2025-08-21
FileHash-SHA1	9dd0043d930cab03c179ec473c4380ecabd45b2f	—	2025-08-21
FileHash-SHA1	b4ca022d0fbffd82dab3c77bbe24a3a961063d38	—	2025-08-21
FileHash-SHA1	b6c7ea84f569e51db39e3690762c0e66edccf778	—	2025-08-21
FileHash-SHA1	bd0d372f73cb7053ff925c074d0b9a20d8217f6f	—	2025-08-21
FileHash-SHA1	bd65cec8507cbb6c59a535bfcca8d54f22284314	—	2025-08-21
FileHash-SHA1	bfcca4b80ace8fbd536fb384df5dbeeadf6c79a7	—	2025-08-21
FileHash-SHA1	c7d5ce5e35a44ec2f09f74a3f3a0be742f23dba7	—	2025-08-21
FileHash-SHA1	df429c46d63b5441e47aaf5ae89ed6ba936bcbc3	—	2025-08-21
FileHash-SHA1	e3c6532c3baf9046fe57f7971cdaeff77c6dbe83	—	2025-08-21
FileHash-SHA1	e8b487016e5ba0507af37277c5a60d39a74cbe4d	—	2025-08-21
FileHash-SHA256	0dbaf8970c0620e1b5902fd87c1cd0e72e917c45add84a024338c0481b5e161c	—	2025-08-21
FileHash-SHA256	12557dcf9c9a609521d7a2cc84a7e6fb95a93957aed6bda0f9644e96dfbbc180	—	2025-08-21
FileHash-SHA256	20fe630a63dd1741ec4ade9fe05b2e7e57208f776d5e20bbf0a012fea96ad0c0	—	2025-08-21
FileHash-SHA256	21614973732d4012889da2e1538b20fd1c0aefdb1d1452d79fd9a1bc06d569da	—	2025-08-21
FileHash-SHA256	32ef3a0da762bc88afb876537809350a885bbbc3ec59b1838e9e9ccc0a04b081	—	2025-08-21
FileHash-SHA256	34e347d1c9ce80b4e2b77f2de5aa7b4d98084704896bd169338c6d4b440e16c3	—	2025-08-21
FileHash-SHA256	3729396b11c69c60f9d096ce726f4cc5b4ed2054d89f7d195e998456de7fb229	—	2025-08-21
FileHash-SHA256	3b0772608844821555bb90e0218972f89f421dad9b1f7bd1918de26a929e998f	—	2025-08-21
FileHash-SHA256	4bf4bcf1cc45d9e50efbd184aad827e2c81f900a53961cf4fbea90fa31ca7549	—	2025-08-21
FileHash-SHA256	4f08865b1bdcc0e27e34bbd722279de661c92ce9aafb9fced1b5de1275887486	—	2025-08-21
FileHash-SHA256	50e5cd438024b34ba638e170f6e4595b0361dedb0ea925d06d06f68988468ddf	—	2025-08-21
FileHash-SHA256	53b85d1b7127c365a4ebae5f22ed479cd5d7e9efc716fb9df68ebdd18551834a	—	2025-08-21
FileHash-SHA256	544091acb5807aaac32ca4843bb85c4aa7ce0ab0acda296efa1a23fe3c181b7e	—	2025-08-21
FileHash-SHA256	5b51d1682cbd40cc6eca23333554ab16b7ed4bbd727712b3a00b07c24e629863	—	2025-08-21
FileHash-SHA256	5d16547900119112c12a755e099bed1fafe1890869df4db297a6a21ec40185b0	—	2025-08-21
FileHash-SHA256	65fc84ffd9be05720b700292b7dbc0ac8afa7faaadf6fcd4485ce34785ba0932	—	2025-08-21
FileHash-SHA256	681b15a43925e02d7f4f0c9e554e8d73e230931ce6634f49dd5b204afd03d20c	—	2025-08-21
FileHash-SHA256	73a46441a7135296d1070f5905a5cb6453ea8511a99a3b9c76060069aa7abcef	—	2025-08-21
FileHash-SHA256	79a5ac15d0de66df3dd00a4148aa76dc183ebf47553fbcc5355f4902dc981267	—	2025-08-21
FileHash-SHA256	84b046a4dbfcd9d4b2d62b4bc8faaf4c6395696f1e688f464bc9e0b760885263	—	2025-08-21
FileHash-SHA256	8634988a90e69d8e657f72cf5f599176be5854448e0544abc42eb49b0c245f0c	—	2025-08-21
FileHash-SHA256	8bf0d693033a761843ae20c7e118c05f851230cb95058f836ffe2b51770f788a	—	2025-08-21
FileHash-SHA256	9170503615e4d2cf1d67f0935ded3ce36a984247ae7f9ab406d81ebe1daf3604	—	2025-08-21
FileHash-SHA256	974c221c75c35d03dd2158d1d1a0a72a7ae85a6f7c1c729977f3676f946758ee	—	2025-08-21
FileHash-SHA256	a83f218d9dbb05c1808a71c75f3535551b67d41da6bb027ac0972597a1fc49fe	—	2025-08-21
FileHash-SHA256	a8abffa5d7259a94951d96ad3d60e8910927b5d0697f8edece2e295154e00832	—	2025-08-21
FileHash-SHA256	b9bb43b725a454e826ab64fdd6256af809c60119dab2876d081b3721d226c672	—	2025-08-21
FileHash-SHA256	bb3f433799c30a8aad5257abc2df479ecad058f6099fd89fb8e7c278dfe3be45	—	2025-08-21
FileHash-SHA256	bd299b5e3d7645b10286410f98f6ec79d803ce2b977c61e49f2dc26285823c99	—	2025-08-21
FileHash-SHA256	c33723a6c0ece4f790396f5fd5133cf384143736e6acd06e1d7642c04757bbae	—	2025-08-21
FileHash-SHA256	c3e7089e47e5c9fc896214bc44d35608854cd5fa70ae5c19aadb0748c6b353d6	—	2025-08-21
FileHash-SHA256	d8343068669d8fbb52b0af87bd3d4f3579d76192d021b37b6fd236b0973e4a5d	—	2025-08-21
FileHash-SHA256	dc409e9fa8b8c031c347d9c36f5732ea03e246c29d73e3425e4e8aaa1da6ff7c	—	2025-08-21
FileHash-SHA256	dcfa26a38a5af8a072104854fba1b7c0aa9ec99875d35dbd623c12932df44969	—	2025-08-21
FileHash-SHA256	e4a6be2fb70603f1545641240680b44e21b5601e8016c0d144711423eef9778e	—	2025-08-21
FileHash-SHA256	e848a0f1900e2f0be9ed1ea8e947ae3bae14e78f3ff81c02d8e5a54353cdbac8	—	2025-08-21
FileHash-SHA256	e9b9cdb713bfea40e13acffbe90faa536df206675819035835ce9218365cd118	—	2025-08-21
FileHash-SHA256	e9cd7c4db074c8e7c6b488a724be1cd05c8536dae28674ce3aa48ebb258e3c31	—	2025-08-21
FileHash-SHA256	f5adef8c202e62125be49f748ed3b30b34e0fb2c9539c805dd96a75a26c7ddc4	—	2025-08-21
FileHash-SHA256	f76b456cf2af1382325c704bf70b5168d28d30da0f3d0a5207901277e01db395	—	2025-08-21
FileHash-SHA256	fed1c094280d1361e8a9aafdb4c1b3e63e0f2e5bb549d5d737d0a33f2b63b4b8	—	2025-08-21
URL	http://masamadreartesanal.com/tag/ss.exe	—	2025-08-21
URL	https://manzisuape.com/amw/	—	2025-08-21
URL	https://manzisuape.com/ao/190.exe	—	2025-08-21
URL	https://masamadreartesanal.com/tag/ss.exe	—	2025-08-21
FileHash-SHA1	1e96a1c36ded88ea3f6aa6b6c260786f73455c10	—	2025-08-21
FileHash-SHA1	7ea3fc2ad4b9c7108cb3b1efc9d94b87dc032c12	—	2025-08-21
domain	arimateas.com	—	2025-08-21
domain	barrosuon.com	—	2025-08-21
domain	capitolioeventos.com	—	2025-08-21
domain	chuacheneguer.com	—	2025-08-21
domain	cleanmades.com	—	2025-08-21
domain	cupertujo.com	—	2025-08-21
domain	elitesubmissions.com	—	2025-08-21
domain	flapawer.com	—	2025-08-21
domain	glossovers.com	—	2025-08-21
domain	idaculipa.com	—	2025-08-21
domain	inmobiliariaarte.com	—	2025-08-21
domain	kalichepa.com	—	2025-08-21
domain	logisticasmata.com	—	2025-08-21
domain	manzisuape.com	—	2025-08-21
domain	masamadreartesanal.com	—	2025-08-21
domain	mepunico.com	—	2025-08-21
domain	metritono.com	—	2025-08-21
domain	mx-terrasabvia.com	—	2025-08-21
domain	pachisuave.com	—	2025-08-21
domain	pasaaportes-citas-srre-gob.com	—	2025-08-21
domain	siperasul.com	—	2025-08-21
domain	tlelmeuas.com	—	2025-08-21
domain	trenipono.com	—	2025-08-21

References (1)

↗ https://arcticwolf.com/resources/blog/greedy-sponge-targets-mexico-with-allakore-rat-and-systembc