Clase: Trojan-PSW
Los programas Trojan-PSW están diseñados para robar información de la cuenta de usuario, como inicios de sesión y contraseñas de computadoras infectadas. PSW es un acrónimo de Password Stealing Ware. Cuando se lanza, un troyano PSW busca archivos del sistema que almacenan una gama de datos confidenciales o el registro. Si se encuentran dichos datos, el troyano lo envía a su "maestro". El correo electrónico, FTP, la web (incluidos los datos de una solicitud) u otros métodos pueden usarse para transitar los datos robados. Algunos de estos troyanos también roban información de registro para ciertos programas de software.Más información
Plataforma: Win64
Win64 es una plataforma en sistemas operativos basados en Windows para la ejecución de aplicaciones de 32/64 bits. Los programas Win64 no se pueden iniciar en versiones de 32 bits de Windows.Familia: Trojan-PSW.Win64.Coins
No family descriptionExamples
142120EEF7991AEDF0C71D02D3A60E22Tactics and Techniques: Mitre*
TA0007
Discovery
The adversary is trying to figure out your environment. Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what's around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.
T1033
System Owner/User Discovery
Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping. The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from System Owner/User Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.