Solutions for:
Home Products
Small Business
Medium Business
Enterprise
Vulnerabilities Threats
Home Threats Trojan Win32

Trojan.Win32.Agent.xbjjie

Update Date
01/14/2024

Class: Trojan

A malicious program designed to electronically spy on the user’s activities (intercept keyboard input, take screenshots, capture a list of active applications, etc.). The collected information is sent to the cybercriminal by various means, including email, FTP, and HTTP (by sending data in a request).

Read more

Platform: Win32

Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.

Family: Trojan.Win64.Agent

No family description

Examples

AE716DE8BF37A93380C001426620668F
27DCF8C3E4E7DE529150FE6070960D4C
5C38A901F4FDCDF9F3CDC456C4DDD7AC
C1BF27ECA0A55A79A075D6DB6CB9D26D
61CDCDFAF91EF8C68C87FBBA945EDBCD

Tactics and Techniques: Mitre*

TA0003
Persistence

Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the “run keys” in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account’s associated permissions level.


T1547.001
Registry Run Keys / Startup Folder

Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the “run keys” in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account’s associated permissions level.


TA0004
Privilege Escalation

Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the “run keys” in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account’s associated permissions level.


T1547.001
Registry Run Keys / Startup Folder

Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the “run keys” in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account’s associated permissions level.


* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Related articles
14 July 2025
Securelist
Forensic journey: Breaking down the UserAssist artifact structure
10 July 2025
Securelist
Code highlighting with Cursor AI for $500,000
08 July 2025
Securelist
Approach to mainframe penetration testing on z/OS. Deep dive into RACF
07 July 2025
Securelist
Batavia spyware steals data from Russian organizations
25 June 2025
Securelist
AI and collaboration tools: how cyberattackers are targeting SMBs in 2025
23 June 2025
Securelist
SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play
Found an inaccuracy in the description of this vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Found a new Threat or Vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Solutions for
Home Products
Small Business
Medium Business
Enterprise
Select language
Sorting
Threat
Confirm changes?
Your message has been sent successfully.