Solutions for:
Home Products
Small Business
Medium Business
Enterprise
Vulnerabilities Threats
Home Threats Trojan-PSW Win32

Trojan-PSW.Win32.QQPass.mnzj

Update Date
10/19/2023

Class: Trojan-PSW

Trojan-PSW programs are designed to steal user account information such as logins and passwords from infected computers. PSW is an acronym of Password Stealing Ware. When launched, a PSW Trojan searches system files which store a range of confidential data or the registry. If such data is found, the Trojan sends it to its “master.” Email, FTP, the web (including data in a request), or other methods may be used to transit the stolen data. Some such Trojans also steal registration information for certain software programs.

Read more

Platform: Win32

Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.

Family: QQPass

No family description

Examples

F26A48A7AB9BBEAE919AFD1060D5D4B7
D5C4DCBCD148C8AD92C2F0AD3FB79A13
4551BB894B992810EE1B2F72BB723B0A
6DD733672EED496189863215A2214F3D
77223A6353626C1D18B242DB4BA2F848

Tactics and Techniques: Mitre*

TA0006
Credential Access

Adversaries may log user keystrokes to intercept credentials as the user types them. Keylogging is likely to be used to acquire credentials for new access opportunities when OS Credential Dumping efforts are not effective, and may require an adversary to intercept keystrokes on a system for a substantial period of time before credentials can be successfully captured. In order to increase the likelihood of capturing credentials quickly, an adversary may also perform actions such as clearing browser cookies to force users to reauthenticate to systems.


T1056.001
Keylogging

Adversaries may log user keystrokes to intercept credentials as the user types them. Keylogging is likely to be used to acquire credentials for new access opportunities when OS Credential Dumping efforts are not effective, and may require an adversary to intercept keystrokes on a system for a substantial period of time before credentials can be successfully captured. In order to increase the likelihood of capturing credentials quickly, an adversary may also perform actions such as clearing browser cookies to force users to reauthenticate to systems.


* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Related articles
30 July 2025
Securelist
Cobalt Strike Beacon delivered via GitHub and social media
25 July 2025
Securelist
ToolShell: a story of five vulnerabilities in Microsoft SharePoint
21 July 2025
Securelist
The SOC files: Rumble in the jungle or APT41’s new target in Africa
17 July 2025
Securelist
GhostContainer backdoor: malware compromising Exchange servers of high-value organizations in Asia
14 July 2025
Securelist
Forensic journey: Breaking down the UserAssist artifact structure
10 July 2025
Securelist
Code highlighting with Cursor AI for $500,000
Found an inaccuracy in the description of this vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Found a new Threat or Vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Solutions for
Home Products
Small Business
Medium Business
Enterprise
Select language
Sorting
Threat
Confirm changes?
Your message has been sent successfully.