Class: Trojan-Spy
Trojan-Spy programs are used to spy on a user’s actions (to track data entered by keyboard, make screen shots, retrieve a list of running applications, etc.) The harvested information is then transmitted to the malicious user controlling the Trojan. Email, FTP, the web (including data in a request) and other methods can be used to transmit the data.Read more
Platform: Win32
Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.Family: Trojan-SMS.AndroidOS.Stealer
No family descriptionExamples
B05834839D0F908A2C54551642784A05238242682B959386036D9BE5AECD8A56
D538340E65403EC592E7BF06A4A15E7A
B478C3DE3FB7F5CA379389474B4D6704
1850FB30B824FC9F51D47A6BBEE6154B
Tactics and Techniques: Mitre*
TA0005
Defense Evasion
Adversaries may inject malicious code into suspended and hollowed processes in order to evade process-based defenses. Process hollowing is a method of executing arbitrary code in the address space of a separate live process.
T1055.012
Process Hollowing
Adversaries may inject malicious code into suspended and hollowed processes in order to evade process-based defenses. Process hollowing is a method of executing arbitrary code in the address space of a separate live process.
* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.