Cisco Talos discloses a new Vietnamese financially motivated actor dubbed CoralRaider, targeting victims in several Asian and Southeast Asian countries since at least 2023. They focus on stealing victims’ credentials, financial data, and social media accounts, including business and advertisement accounts. Known malware used includes RotBot, a QuasarRAT variant, and the XClient stealer. TTPs include abusing a legitimate service to host the C2 configuration file and using uncommon living-off-the-land binaries (LoLBins), including Windows Forfiles.exe and FoDHelper.exe. IOCs provided. 🔗 https://blog.talosintelligence.com/coralraider-targets-socialmedia-accounts/

#CoralRaider #Vietnam #cybercrime #threatintel #IOC #QuasarRAT #RotBot #XClient #LoLBin

CoralRaider targets victims’ data and social media accounts

Cisco Talos discovered a new threat actor we’re calling “CoralRaider” that we believe is of Vietnamese origin and financially motivated. CoralRaider has been operating since at least 2023, targeting victims in several Asian and Southeast Asian countries.

Cisco Talos Blog