Classe: Trojan-PSW
Os programas do Trojan-PSW são projetados para roubar informações de contas de usuários, como logins e senhas, de computadores infectados. PSW é um acrônimo de Password Stealing Ware. Quando lançado, um cavalo de Tróia PSW pesquisa arquivos de sistema que armazenam uma variedade de dados confidenciais ou o registro. Se esses dados forem encontrados, o cavalo de Tróia os enviará ao seu “mestre”. E-mails, FTP, a Web (incluindo dados em uma solicitação) ou outros métodos podem ser usados para transitar os dados roubados. Alguns desses Trojans também roubam informações de registro de determinados programas de software.Plataforma: Win32
O Win32 é uma API em sistemas operacionais baseados no Windows NT (Windows XP, Windows 7, etc.) que oferece suporte à execução de aplicativos de 32 bits. Uma das plataformas de programação mais difundidas do mundo.Família: Trojan-PSW.Win32.Stealer
No family descriptionExamples
4D5DCFF11A6247D99C64AE0E32A871F0Tactics and Techniques: Mitre*
TA0005
Defense Evasion
The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1497.003
Time Based Evasion
Adversaries may employ various time-based methods to detect and avoid virtualization and analysis environments. This may include enumerating time-based properties, such as uptime or the system clock, as well as the use of timers or other triggers to avoid a virtual machine environment (VME) or sandbox, specifically those that are automated or only operate for a limited amount of time.
TA0007
Discovery
The adversary is trying to figure out your environment. Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what's around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.
T1497.003
Time Based Evasion
Adversaries may employ various time-based methods to detect and avoid virtualization and analysis environments. This may include enumerating time-based properties, such as uptime or the system clock, as well as the use of timers or other triggers to avoid a virtual machine environment (VME) or sandbox, specifically those that are automated or only operate for a limited amount of time.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.