Class: Rootkit
This type of malicious program is designed to conceal certain objects or activities in the system. Registry keys (those used to automatically launch malicious objects, for example), files, folders, and processes in the memory of an infected computer, as well as malicious network activity, can all be hidden. Rootkits themselves have any malicious payload but in most cases, this type of program is used to prevent malicious programs from being detected and extend the length of time that they run on an infected computer.Read more
Platform: Win64
Win64 is a platform on Windows-based operating systems for execution of 32-/64-bit applications. Win64 programs cannot be launched on 32-bit versions of Windows.Family: Trojan.Win64.Agent
No family descriptionExamples
CEE048FDC0818E6DB115DA33AA4E930BBF2D7354F9BAE7AB3B34359221612384
A8B513ACE1E3B29CEEC38FE2BB142582
C297FAA5E8AABF26368A36016A702FF6
B2C9CE7B23E0FD2BFC3E5FCF2F828847
Tactics and Techniques: Mitre*
Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhibit or stop response to an incident or aid in the adversary’s overall objectives to cause damage to the environment.
Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhibit or stop response to an incident or aid in the adversary’s overall objectives to cause damage to the environment.
* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.