Python Info-stealer Distributed by Malicious Excel Document [Tuesday, February 06, 2024]

Description :
In January 2024, FortiGuard Labs obtained an Excel document distributing an info-stealer related to a Vietnamese group first reported in August 2023. The attack uses simple downloaders to make detection more difficult. The info-stealer collects browsers' cookies and login data, compresses them, and sends them to the attacker's Telegram bot.

Published : 2024-02-06 10:11:19
Created : 2024-02-06 10:11:19
Modified : 2024-02-06 10:40:17

Indicators

IPv4s :
Malwares :
  • script.py
  • VenomRat
  • XWorm
  • RedLine
Hashes :
Intrusion set :
  • Vietnamese group
MITRE ATT&CK Techniques :
Other observables :
  • Finance
  • Technology

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
