Solutions for:
Home Products
Small Business
Medium Business
Enterprise
Vulnerabilities Threats
Home Threats Trojan Win32

Trojan.Win32.Scarsi.aymu

Update Date
11/04/2023

Class: Trojan

A malicious program designed to electronically spy on the user’s activities (intercept keyboard input, take screenshots, capture a list of active applications, etc.). The collected information is sent to the cybercriminal by various means, including email, FTP, and HTTP (by sending data in a request).

Read more

Platform: Win32

Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.

Family: Scarsi

No family description

Examples

40650852624A5B0B13637FAABFB0745C
011491F07CF0274965CAFBA026D02459
68635DDDAC6F04ABADBF14B00E1142ED
B4ABD92948F405C8101A85A95AA7A82B
3698593616D9C8EABA471DDF521E17EA

Tactics and Techniques: Mitre*

TA0007
Discovery

An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.


T1082
System Information Discovery

An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.


TA0011
Command and Control

Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.


T1071.001
Web Protocols

Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.


* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Related articles
25 June 2025
Securelist
AI and collaboration tools: how cyberattackers are targeting SMBs in 2025
23 June 2025
Securelist
SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play
11 June 2025
Securelist
Toxic trend: Another malware threat targets DeepSeek
09 June 2025
Securelist
Sleep with one eye open: how Librarian Ghouls steal data by night
06 June 2025
Securelist
Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721
05 June 2025
Securelist
IT threat evolution in Q1 2025. Non-mobile statistics
Found an inaccuracy in the description of this vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Found a new Threat or Vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Solutions for
Home Products
Small Business
Medium Business
Enterprise
Select language
Sorting
Threat
Confirm changes?
Your message has been sent successfully.