クラス: Trojan-Dropper
Trojan-Dropperプログラムは、コードに組み込まれた悪質なプログラムを犠牲PCに秘密裏にインストールするように設計されています。この種の悪意のあるプログラムは通常、被害者のドライブ(通常はWindowsディレクトリ、Windowsシステムディレクトリ、一時ディレクトリなど)に一定の範囲のファイルを保存し、通知なしで起動します(またはアーカイブエラーの偽の通知、古いオペレーティングシステムのバージョンなど)。このようなプログラムは、以下の目的でハッカーによって使用されています。トロイの木馬プログラムおよび/またはウイルスを秘密裏にインストールして、既知の悪意のあるプログラムがウイルス対策ソリューションによって検出されないようにします。すべてのウイルス対策プログラムがこのタイプのトロイの木馬の中のすべてのコンポーネントをスキャンできるわけではありません。プラットフォーム: Win32
Win32は、32ビットアプリケーションの実行をサポートするWindows NTベースのオペレーティングシステム(Windows XP、Windows 7など)上のAPIです。世界で最も広く普及しているプログラミングプラットフォームの1つです。ファミリー: Trojan-Dropper.Win32.Flystud
No family descriptionExamples
701883B4E6B55109B80EBD2DD2F54B3AD0867F97B4ED8F2E642A17C11174DA1A
A8E92CC5D8D4078B8BC1CCDDB417DF59
F488F6A290E19F8FDC2C8657DC5AF278
7872E8C45BFF3A3C057489A8AE5ECF34
Tactics and Techniques: Mitre*
TA0005
Defense Evasion
The adversary is trying to avoid being detected.
Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1036
Masquerading
Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Renaming abusable system utilities to evade security monitoring is also a form of Masquerading.(Citation: LOLBAS Main Site) Masquerading may also include the use of Proxy or VPNs to disguise IP addresses, which can allow adversaries to blend in with normal network traffic and bypass conditional access policies or anti-abuse protections.
Renaming abusable system utilities to evade security monitoring is also a form of Masquerading.(Citation: LOLBAS Main Site) Masquerading may also include the use of Proxy or VPNs to disguise IP addresses, which can allow adversaries to blend in with normal network traffic and bypass conditional access policies or anti-abuse protections.
T1036.008
Masquerade File Type
Adversaries may masquerade malicious payloads as legitimate files through changes to the payload's formatting, including the file’s signature, extension, icon, and contents. Various file types have a typical standard format, including how they are encoded and organized. For example, a file’s signature (also known as header or magic bytes) is the beginning bytes of a file and is often used to identify the file’s type. For example, the header of a JPEG file, is
0xFF 0xD8 and the file extension is either `.JPE`, `.JPEG` or `.JPG`. * © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.