Class: Trojan
A malicious program designed to electronically spy on the user’s activities (intercept keyboard input, take screenshots, capture a list of active applications, etc.). The collected information is sent to the cybercriminal by various means, including email, FTP, and HTTP (by sending data in a request).
Platform: Win64
Win64 is a platform on Windows-based operating systems for execution of 32-/64-bit applications. Win64 programs cannot be launched on 32-bit versions of Windows.
Family: Injects
No family description
Examples
0341976305E072C836F6AD6B2FA74494252D673EBFDD16A9D7E45F65010B7E56
3839B997FB648A45BC980FA81B41B1B4
034C5964516723543E5555F875213C6F
719E33D8B3072A1920046DDC83A1E19E
Tactics and Techniques: Mitre*
TA0005
Defense Evasion
T1055.012
Process Hollowing
Adversaries may inject malicious code into suspended and hollowed processes in order to evade process-based defenses. Process hollowing is a method of executing arbitrary code in the address space of a separate live process.
* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.