Class: Trojan-Downloader
Programs classified as Trojan-Downloader download and install new versions of malicious programs, including Trojans and AdWare, on victim computers. Once downloaded from the Internet, the programs are launched or included on a list of programs which will run automatically when the operating system boots up. Information about the names and locations of the programs which are downloaded are in the Trojan code, or are downloaded by the Trojan from an Internet resource (usually a web page). This type of malicious program is frequently used in the initial infection of visitors to websites which contain exploits.Read more
Platform: Win32
Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.Family: Trojan.Win64.Agent
No family descriptionExamples
5F094E176A9C337710D4B6746EF7A2C822BB607346E20CCC672D2E52C3AC1392
DDB443A8B36B6B02940C1B64E597543E
301F8247F2D015A80AE9BFA6707B298E
94DA108903DF75B296FE7F9B94858378
Tactics and Techniques: Mitre*
TA0006
Credential Access
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials. Web applications and services often use session cookies as an authentication token after a user has authenticated to a website.
T1539
Steal Web Session Cookie
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials. Web applications and services often use session cookies as an authentication token after a user has authenticated to a website.
* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.