Sınıf: Trojan-PSW
Trojan-PSW programları, virüslü bilgisayarlardan giriş ve şifre gibi kullanıcı hesap bilgilerini çalmak üzere tasarlanmıştır. PSW, Password Stealing Ware'ın bir kısaltmasıdır. Başlatıldığında, bir PSW Truva atı, bir dizi gizli veriyi veya kayıt defterini saklayan sistem dosyalarını arar. Bu tür bir veri bulunursa, Truva atı “master” e gönderir. E-posta, FTP, web (bir talepte bulunan veriler dahil) veya çalınan verilerin aktarılması için başka yöntemler kullanılabilir. Bazı Truva atları da belirli yazılım programları için kayıt bilgilerini çalmaktadır.Platform: Win64
Win64, 32/64-bit uygulamaların yürütülmesi için Windows tabanlı işletim sistemlerinde bir platformdur. Win64 programları, Windows'un 32 bit sürümlerinde başlatılamaz.Aile: Trojan-PSW.Win64.Stealer
No family descriptionExamples
DD25C09BF60148825BE923623650B063Tactics and Techniques: Mitre*
TA0004
Privilege Escalation
The adversary is trying to gain higher-level permissions. Privilege Escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities. Examples of elevated access include: SYSTEM/root level, local administrator, user account with admin-like access, user accounts with access to specific system or perform specific function. These techniques often overlap with Persistence techniques, as OS features that let an adversary persist can execute in an elevated context.
T1134
Access Token Manipulation
Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
TA0005
Defense Evasion
The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1036.005
Match Legitimate Resource Name or Location
Adversaries may match or approximate the name or location of legitimate files, Registry keys, or other resources when naming/placing them. This is done for the sake of evading defenses and observation.
T1055.012
Process Hollowing
Adversaries may inject malicious code into suspended and hollowed processes in order to evade process-based defenses. Process hollowing is a method of executing arbitrary code in the address space of a separate live process.
T1134
Access Token Manipulation
Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
TA0006
Credential Access
The adversary is trying to steal account names and passwords. Credential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.
T1539
Steal Web Session Cookie
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials. Web applications and services often use session cookies as an authentication token after a user has authenticated to a website.
T1555.003
Credentials from Web Browsers
Adversaries may acquire credentials from web browsers by reading files specific to the target browser. Web browsers commonly save credentials such as website usernames and passwords so that they do not need to be entered manually in the future. Web browsers typically store the credentials in an encrypted format within a credential store; however, methods exist to extract plaintext credentials from web browsers.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.