Kategorie: Trojan-PSW
Trojan-PSW-Programme dienen dazu, Benutzerkontoinformationen wie Logins und Kennwörter von infizierten Computern zu stehlen. PSW ist eine Abkürzung für Password Stealing Ware.Beim Start durchsucht ein PSW-Trojaner Systemdateien, die eine Reihe von vertraulichen Daten oder die Registrierung speichern. Wenn solche Daten gefunden werden, sendet der Trojaner sie an ihren "Master". E-Mail, FTP, das Web (einschließlich Daten in einer Anfrage) oder andere Methoden können verwendet werden, um die gestohlenen Daten zu übertragen.
Einige solcher Trojaner stehlen auch Registrierungsinformationen für bestimmte Softwareprogramme.
Mehr Informationen
Plattform: MSIL
Die Common Intermediate Language (früher als Microsoft Intermediate Language oder MSIL bezeichnet) ist eine von Microsoft entwickelte Zwischensprache für das .NET Framework. CIL-Code wird von allen Microsoft .NET-Compilern in Microsoft Visual Studio (Visual Basic .NET, Visual C ++, Visual C # und anderen) generiert.Familie: Trojan-PSW.MSIL.Agensla
No family descriptionExamples
DE043CA216CB4B6CCEF68971B34CCDA5Tactics and Techniques: Mitre*
TA0005
Defense Evasion
The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1036.007
Double File Extension
Adversaries may abuse a double extension in the filename as a means of masquerading the true file type. A file name may include a secondary file type extension that may cause only the first extension to be displayed (ex:
File.txt.exe may render in some views as just File.txt). However, the second extension is the true file type that determines how the file is opened and executed. The real file extension may be hidden by the operating system in the file browser (ex: explorer.exe), as well as in any software configured using or similar to the system’s policies. TA0006
Credential Access
The adversary is trying to steal account names and passwords. Credential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.
T1056.001
Keylogging
Adversaries may log user keystrokes to intercept credentials as the user types them. Keylogging is likely to be used to acquire credentials for new access opportunities when OS Credential Dumping efforts are not effective, and may require an adversary to intercept keystrokes on a system for a substantial period of time before credentials can be successfully captured. In order to increase the likelihood of capturing credentials quickly, an adversary may also perform actions such as clearing browser cookies to force users to reauthenticate to systems.
TA0011
Command and Control
The adversary is trying to communicate with compromised systems to control them. Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim's network structure and defenses.
T1071.001
Web Protocols
Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.