GitHub pages serve Braodo Version 2, a Python-based stealer 19 May
  • By Gurumoorthi
  • stealer, python_obfuscation, braodo, telegram_bot

We observed a threat actor leveraging GitHub repositories to deliver Braodo Stealer, a sophisticated Python-based stealer. The author hosted all the Python packages needed to run the stealer in the GitHub repository. The infection chain also used a Byte Order Mark (BOM) as a light obfuscation trick: with the BOM in place the file renders as Chinese-looking characters in a text editor, so a victim who opens it takes it for a Chinese-language file.
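The following is an added example, not code from the Braodo author or from the original post, showing one way a BOM produces the "Chinese file" effect and how to check a suspicious file for it. It assumes the file is plain ASCII Python source with a UTF-16 LE byte order mark (FF FE) prepended; the post does not say which BOM Braodo used, so that choice and the sample source are constructed for illustration. A BOM-honouring editor decodes each pair of ASCII bytes as one UTF-16 code unit, and most pairs of printable ASCII land in the CJK Unified Ideographs block, which is why the file looks Chinese while the underlying bytes are ordinary ASCII.

```python
"""Why a BOM can make ASCII source look like Chinese text, and how to triage it.

Added example, not the stealer's own code. Assumption: the file is plain
ASCII Python source with a UTF-16 LE byte order mark (FF FE) prepended.
A BOM-honouring editor then decodes each pair of ASCII bytes as one UTF-16
code unit, and most pairs of printable ASCII fall inside the CJK Unified
Ideographs block (U+4E00..U+9FFF), so the file "looks Chinese".
"""
import codecs

# Longest marks first, so UTF-32 LE (FF FE 00 00) is not mistaken for UTF-16 LE (FF FE).
BOMS = [
    (codecs.BOM_UTF32_LE, "utf-32-le"),
    (codecs.BOM_UTF32_BE, "utf-32-be"),
    (codecs.BOM_UTF8, "utf-8"),
    (codecs.BOM_UTF16_LE, "utf-16-le"),
    (codecs.BOM_UTF16_BE, "utf-16-be"),
]


def detect_bom(data: bytes):
    """Return (encoding implied by the BOM, bytes after it); (None, data) if no BOM."""
    for bom, name in BOMS:
        if data.startswith(bom):
            return name, data[len(bom):]
    return None, data


def render_as_editor(data: bytes) -> str:
    """Approximate what a BOM-honouring editor displays for these bytes."""
    enc, payload = detect_bom(data)
    if enc is None:
        enc = "utf-8"
    return payload.decode(enc, errors="replace")


def cjk_ratio(text: str) -> float:
    """Fraction of characters that sit in the CJK Unified Ideographs block."""
    if not text:
        return 0.0
    cjk = sum(1 for ch in text if "\u4e00" <= ch <= "\u9fff")
    return cjk / len(text)


def recover_if_cosmetic_bom(data: bytes):
    """If the bytes after the BOM are valid ASCII, the BOM is cosmetic: return the real text."""
    _, payload = detect_bom(data)
    try:
        return payload.decode("ascii")
    except UnicodeDecodeError:
        return None


# Constructed sample: harmless ASCII source, then the same bytes behind two different BOMs.
SAMPLE_SOURCE = b"import os\nprint(os.getcwd())\n\n"
SAMPLE_UTF16_BOM_FILE = codecs.BOM_UTF16_LE + SAMPLE_SOURCE
SAMPLE_UTF8_BOM_FILE = codecs.BOM_UTF8 + SAMPLE_SOURCE


if __name__ == "__main__":
    for label, blob in (("utf-8 BOM", SAMPLE_UTF8_BOM_FILE), ("utf-16 LE BOM", SAMPLE_UTF16_BOM_FILE)):
        shown = render_as_editor(blob)
        print(f"{label}: editor shows {shown!r} (CJK ratio {cjk_ratio(shown):.2f})")
        print(f"{label}: recovered -> {recover_if_cosmetic_bom(blob)!r}")
```

The triage rule this encodes: a file whose BOM-driven rendering is mostly CJK but whose post-BOM bytes decode cleanly as ASCII is not a Chinese document at all; strip the mark and read the script underneath. A UTF-8 BOM, by contrast, changes nothing about how the ASCII renders, which is why the UTF-16 variant is the one that produces the illusion.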

Multiple layers of evasion techniques drop various Remote Access Trojans 26 Apr
  • By Gurumoorthi
  • xwormrat, python_obfuscation, memory_injection

We recently came across a phishing campaign in which the author sent an email with an HTML file attached. The infection flow involves multiple layers of evasion techniques; in particular, the author used the Kramer obfuscation method, a Python script obfuscator available on GitHub. The lure poses as a customer asking for a service and was directed at staff.