“Borr” is an Info Stealer that harvests sensitive information from the victim’s computer. Borr Info Stealer connects to a Command & Control (C&C) server and, depending on the configuration it receives from that server, may issue commands to carry out further malicious activity on the victim’s machine. It is able to steal credentials and other sensitive data from web browsers, mail and FTP clients, cryptocurrency wallets, and other applications on the compromised system.
This post serves to inform our customers about detection and protection capabilities within the VMware Carbon Black suite of products against Borr Info Stealer.
Borr collects the stolen data in the folder “C:\ProgramData\PSSLB.tmp\”, compresses it into a zip file, and then sends that archive to the command and control (C&C) server.
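The staging behaviour described above (write loot under C:\ProgramData\PSSLB.tmp\, zip it, then connect out) is a useful detection chain in its own right. The Python below is an added example, not part of the original post and not a Carbon Black product query: it correlates per-process endpoint events and flags a process only when all three steps occur in that order. The event schema (dicts with pid, type, path, dest) and the sample events are constructed for illustration; the folder name is the only indicator the post gives, so treat a match as one signal to triage, not as proof on its own.

```python
"""Flag the Borr staging chain in endpoint telemetry.

Added example, not code from the original post or from Carbon Black.
Event schema and sample events are constructed (assumption), roughly
modelled on file-modification and network-connection records.
"""
from collections import defaultdict
from pathlib import PureWindowsPath

# The only path indicator given in the post. PureWindowsPath compares
# case-insensitively, so c:\programdata\psslb.tmp matches as well.
STAGING_DIR = PureWindowsPath(r"C:\ProgramData\PSSLB.tmp")

# Constructed sample telemetry: pid 4120 behaves like Borr, pid 9001 is a
# benign process that zips a document and talks to the network.
EVENTS = [
    {"pid": 4120, "type": "filemod", "path": r"C:\ProgramData\PSSLB.tmp\Browsers\logins.txt"},
    {"pid": 4120, "type": "filemod", "path": r"C:\ProgramData\PSSLB.tmp\Wallets\wallet.dat"},
    {"pid": 4120, "type": "filemod", "path": r"C:\ProgramData\PSSLB.tmp\report.zip"},
    {"pid": 4120, "type": "netconn", "dest": "203.0.113.45:80"},
    {"pid": 9001, "type": "filemod", "path": r"C:\Users\alice\Documents\notes.zip"},
    {"pid": 9001, "type": "netconn", "dest": "198.51.100.7:443"},
]


def in_staging_dir(path: str) -> bool:
    """True if path is anywhere below the staging directory."""
    return STAGING_DIR in PureWindowsPath(path).parents


def detect_borr_staging(events):
    """Return one finding per process that (1) writes files under the
    staging directory, (2) writes a .zip there, and (3) opens a network
    connection after the zip was written. Order matters: a connection
    before the archive exists does not count as exfiltration."""
    by_pid = defaultdict(list)
    for ev in events:
        by_pid[ev["pid"]].append(ev)

    findings = []
    for pid, evs in by_pid.items():
        staged, archive, exfil_dest = [], None, None
        for ev in evs:
            if ev["type"] == "filemod" and in_staging_dir(ev["path"]):
                if ev["path"].lower().endswith(".zip"):
                    archive = ev["path"]
                else:
                    staged.append(ev["path"])
            elif ev["type"] == "netconn" and archive and exfil_dest is None:
                exfil_dest = ev["dest"]
        if staged and archive and exfil_dest:
            findings.append({
                "pid": pid,
                "staged_files": staged,
                "archive": archive,
                "exfil_dest": exfil_dest,
            })
    return findings


if __name__ == "__main__":
    for hit in detect_borr_staging(EVENTS):
        print(f"pid {hit['pid']}: staged {len(hit['staged_files'])} file(s), "
              f"zipped to {hit['archive']}, then connected to {hit['exfil_dest']}")
```

Requiring the zip write before the network connection is what keeps the benign pid 9001 out of the results; relaxing that order, or dropping the path constraint, would turn this into a generic "zip then network" rule that fires on ordinary user activity.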
VMware Carbon Black Cloud Endpoint Standard (CB Defense) will display the malware’s overall triggered TTPs.