Class | Trojan |
Platform | Win64 |
Family | Zapchast |
Full name | HEUR:Trojan.Win64.Zapchast.gen |
Examples |
5C52A9FC23109779AA996CD516858857 8151EE6ECBB52046B6ED0C1D9131B500 2DBB2F792017E8972DCFD94382A768CA 45C519AF390AA94C4DB30CFCC0C34925 80CD3145D31DC367A59940032BE1B367 |
Updated at | 2023-12-25 03:52:15 |
Tactics & techniques MITRE* |
TA0002 Execution: The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.
T1569.002 System Services: Service Execution: Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager (services.exe) is an interface to manage and manipulate services.(Citation: Microsoft Service Control Manager) The service control manager is accessible to users via GUI components as well as system utilities such as sc.exe and Net. PsExec can also be used to execute commands or payloads via a temporary Windows service created through the service control manager API.(Citation: Russinovich Sysinternals) Tools such as PsExec and sc.exe can accept remote servers as arguments and may be used to conduct remote execution. Adversaries may leverage these mechanisms to execute malicious content. This can be done by either executing a new or modified service. This technique is the execution used in conjunction with Windows Service during service persistence or privilege escalation. |
* © 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.