ET MALWARE Win32/Borr Stealer Variant Sending System Information
Sourceet/open
Fileemerging-malware.rules
CreatedMay 16, 2022
UpdatedMarch 8, 2024
Classificationtrojan-activity
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET MALWARE Win32/Borr Stealer Variant Sending System Information"; flow:established,to_server ; content:"Content-length|3a|"; content:!"|20|"; within:1; content:"UserId|3a|"; content:!"|20|"; within:1; content:"Crypto|3a|"; content:!"|20|"; within:1; content:"Passworld|3a|"; fast_pattern; content:!"|20|"; within:1; content:"Cookies|3a|"; content:!"|20|"; within:1; content:"PK"; distance:200; content:"Processes.txt"; distance:0; content:"User Information.txt"; distance:0; reference:url,twitter.com/3xp0rtblog/status/1522491866834472960 ; reference:md5,d4d4b796efaf717170edf1a90eeb2a0d ; reference:md5,69aef5f237246dec6ef82dda0982e46b ; reference:md5,c7175f875b79020acc88eda29100e6d7 ; classtype:trojan-activity; sid:2036595; rev:2; metadata:attack_target Client_Endpoint, created_at 2022_05_16, deployment Perimeter, malware_family Win32_Borr, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_08, reviewed_at 2024_05_07;)
References
| url | twitter.com/3xp0rtblog/status/1522491866834472960 |
| md5 | d4d4b796efaf717170edf1a90eeb2a0d |
| md5 | 69aef5f237246dec6ef82dda0982e46b |
| md5 | c7175f875b79020acc88eda29100e6d7 |
Metadata
attack targetClient_Endpoint
created at2022_05_16
deploymentPerimeter
malware familyWin32_Borr
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2024_03_08
reviewed at2024_05_07
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!