Class: Trojan
A malicious program designed to electronically spy on the user’s activities (intercept keyboard input, take screenshots, capture a list of active applications, etc.). The collected information is sent to the cybercriminal by various means, including email, FTP, and HTTP (by sending data in a request).Read more
Platform: Win32
Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.Family: Trojan.Multi.Runner
No family descriptionExamples
ACE142DAB55F7FD007F6C89AC65B36AA1E12FAD0C0D7F65A2AF58C19AED171A1
597875D2180E4F570E5760DE4A208431
8274D9D3EC65CFD438434D3E37BFE02D
703B58A592A42D549A348E18F60850E5
Tactics and Techniques: Mitre*
TA0005
Defense Evasion
Adversaries may abuse mshta.exe to proxy execution of malicious .hta files and Javascript or VBScript through a trusted Windows utility. There are several examples of different types of threats leveraging mshta.exe during initial compromise and for execution of code
T1218.005
Mshta
Adversaries may abuse mshta.exe to proxy execution of malicious .hta files and Javascript or VBScript through a trusted Windows utility. There are several examples of different types of threats leveraging mshta.exe during initial compromise and for execution of code
* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.