Class: Trojan-PSW
Trojan-PSW programs are designed to steal user account information such as logins and passwords from infected computers. PSW is an acronym of Password Stealing Ware. When launched, a PSW Trojan searches system files which store a range of confidential data or the registry. If such data is found, the Trojan sends it to its “master.” Email, FTP, the web (including data in a request), or other methods may be used to transit the stolen data. Some such Trojans also steal registration information for certain software programs.Read more
Platform: PowerShell
PowerShell is a platform that is represented by scripts written in Powershell.Family: Trojan.Win64.Agent
No family descriptionExamples
4831A0D7591F50CC9E7410DF653A8719460FD10B39C80641462A90F87CB3A9EC
C2EB737160957817C83F92CAB71DFA64
6798C634A588285ABF7E786D4765D187
529143430C3DCD3A12858E7D5FBAA985
Tactics and Techniques: Mitre*
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Adversaries may attempt to get a listing of local system accounts. This information can help adversaries determine which local accounts exist on a system to aid in follow-on behavior.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.