Braodo Info Stealer Targeting Vietnam and Abroad

July 15, 2024, 10:54 a.m.

Description

CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also present in the US, Czechia, Germany, the Netherlands, Singapore, and the UK. The malware uses GitHub and a Singapore-based VPS to host and distribute its malicious code. It exfiltrates web browser data, including credentials from various platforms and accounts, via Telegram bots. Developed by threat actors based in Vietnam, Braodo Stealer operates stealthily, collecting and archiving data before sending it to the bots.

Date

Published: July 15, 2024, 10:42 a.m.
Created: July 15, 2024, 10:42 a.m.
Modified: July 15, 2024, 10:54 a.m.

Indicators

Attack Patterns

Braodo Stealer

T1606.001

T1064

T1555.003

T1547.001

T1071.001

T1005

T1057

T1083

T1041

T1059

Additional Information

Singapore

Czechia

Netherlands

Germany

United Kingdom of Great Britain and Northern Ireland

United States of America