Braodo Info Stealer Targeting Vietnam and Abroad
July 15, 2024, 10:54 a.m.
Description
CYFIRMA discovered Braodo Stealer, a Python-based malware active since early 2024, primarily targeting users in Vietnam but also present in the US, Czechia, Germany, Netherlands, Singapore, and the UK. This malware utilizes GitHub and a Singapore-based VPS server to host and distribute its malicious code. It exfiltrates internet browser data, including credentials from various platforms and accounts, via Telegram bots. Developed by threat actors based in Vietnam, Braodo Stealer operates stealthily, collecting and archiving data before sending it to the bots.
Date
Published: July 15, 2024, 10:42 a.m.
Created: July 15, 2024, 10:42 a.m.
Modified: July 15, 2024, 10:54 a.m.
Indicators
.54.153.116
45.147.97.170
Attack Patterns
Braodo Stealer
T1606.001
T1064
T1555.003
T1547.001
T1071.001
T1005
T1057
T1083
T1041
T1059
Additional Information
Singapore
Czechia
Netherlands
Germany
United Kingdom of Great Britain and Northern Ireland
United States of America