Braodo Info Stealer Targeting Vietnam and Abroad
July 15, 2024, 10:54 a.m.
Description
CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also present in the US, Czechia, Germany, Netherlands, Singapore, and the UK. This malware utilizes GitHub and a Singapore-based VPS server to host and distribute its malicious code. It exfiltrates internet browser data, including credentials from various platforms and accounts, via Telegram bots. Developed by threat actors based in Vietnam, Braodo Stealer operates stealthily, collecting and archiving data before sending it to the bots.
Tags
Date
- Created: July 15, 2024, 10:42 a.m.
- Published: July 15, 2024, 10:42 a.m.
- Modified: July 15, 2024, 10:54 a.m.
Indicators
Attack Patterns
- Braodo Stealer
- T1606.001
- T1064
- T1555.003
- T1547.001
- T1071.001
- T1005
- T1057
- T1083
- T1041
- T1059
Additional Information
- Singapore
- Czechia
- Netherlands
- Germany
- United Kingdom of Great Britain and Northern Ireland
- United States of America