Registry Manager Feature - Malware Gallery

Description

The Registry Access and Manager feature in malware allows attackers to interact with the Windows Registry, the hierarchical database that stores low-level settings for the operating system and installed applications. With capabilities to view, create, edit, or delete registry keys and data, this feature gives attackers a powerful tool to manipulate system configurations and behavior. Additionally, it can be used to steal sensitive information such as passwords and software licenses stored in registry entries. For instance, by modifying or creating registry entries, malware can ensure its own persistence, deactivate security measures, or even alter user permissions. The ability to steal passwords and licenses from the registry can also facilitate privilege escalation, making the compromised system even more vulnerable to further exploitation. This kind of access is particularly valuable for advanced attacks, where fine-grained control over the target system is required. By manipulating the registry, attackers can not only deepen their level of system compromise but also tailor the environment to suit their malicious objectives, making this feature a key asset in a sophisticated malware toolkit.

Categories	Alteration, Exfiltration, Credentials, System Management, Disruption
Dangerousness	High

Associated with Releases

Version	Origins	Authors	Languages	Release Date
Back Orifice 1.20	United States 🇺🇸	Cult of the Dead Cow (cDc)	C++	Jul, 1998
SubSeven 1.4	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Mar, 1999
SubSeven 1.5	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Apr, 1999
SubSeven 1.6	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Apr, 1999
SubSeven 1.7	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	May, 1999
SubSeven 1.8	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	May, 1999
SubSeven 1.9	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Jun, 1999
Back Orifice 2000 (BO2K) 1.0	United States 🇺🇸	Cult of the Dead Cow (cDc)	C++	Jul, 1999
SubSeven 1.9 Apocalypse	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Aug, 1999
SubSeven 2.0	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Sep, 1999
SubSeven 2.1	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Nov, 1999
SubSeven 2.1.1 GOLD edition	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Feb, 2000
SubSeven 2.1.2 M.U.I.E	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Apr, 2000
SubSeven 2.1.3 BONUS	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Jun, 2000
SubSeven 2.1.4 DEFCON 8	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Jul, 2000
Y3K rat 1.5	Greece 🇬🇷	firelarm , Chucky	Delphi	Jan, 2001
SubSeven 2.2	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Mar, 2001
Y3K rat 1.6 MS	Greece 🇬🇷	firelarm , Chucky	Delphi	Jul, 2001
Optix Pro 1.0	Unknown 🏴‍☠️	s13az3	Delphi	Apr, 2002
Net-Devil 1.5	Unknown 🏴‍☠️	Nilez	Delphi	Jul, 2002
MoSucker 3.0b	Germany 🇩🇪	Superchachi	Visual Basic 6 (VB6)	Nov, 2002
Beast 1.91	Romania 🇷🇴	Tataye	Delphi	Jan, 2003
SubSeven 2.1.5 Legends	Romania 🇷🇴, Canada 🇨🇦	Mobman	Delphi	Feb, 2003
Beast 2.01	Romania 🇷🇴	Tataye	Delphi	Jun, 2003
LanFiltrator 1.1 Fix 1	Australia 🇦🇺	Read101	Delphi	Aug, 2003
Optix Pro 1.32	Unknown 🏴‍☠️	s13az3 , xMs	Delphi	Sep, 2003
CIA 1.2	England 🏴󠁧󠁢󠁥󠁮󠁧󠁿	Alchemist	Visual Basic 6 (VB6)	Sep, 2003
Beast 2.02	Romania 🇷🇴	Tataye	Delphi	Sep, 2003
Nuclear RAT 1.0 Beta 5	Brazil 🇧🇷	Caesar2k	Delphi	Feb, 2004
ProRat 1.4	Turkey 🇹🇷	HighLander , ATmaCA	Borland C++	Feb, 2004
LanFiltrator 1.5 Beta III	Australia 🇦🇺	Read101	Delphi	Feb, 2004
ProRat 1.6	Turkey 🇹🇷	HighLander , ATmaCA	Borland C++	Mar, 2004
ProRat 1.8	Turkey 🇹🇷	HighLander , ATmaCA	Borland C++	Apr, 2004
Infector NG 2004 2.1.0	Belgium 🇧🇪, United Kingdom 🇬🇧	fc , Infiltration	Delphi	May, 2004
Beast 2.07	Romania 🇷🇴	Tataye	Delphi	Aug, 2004
Optix Pro 1.33	Unknown 🏴‍☠️	s13az3	Delphi	Aug, 2004
ProRat 1.9	Turkey 🇹🇷	HighLander , ATmaCA	Borland C++	Aug, 2004
Institution 2004 0.4.0	United States 🇺🇸	Aphex	Delphi	Oct, 2004
CIA 1.3	England 🏴󠁧󠁢󠁥󠁮󠁧󠁿	Alchemist	Visual Basic 6 (VB6)	Dec, 2004
DARKMOON 4.11 / 4.11 Private Edition	Spain 🇪🇸	shukisnike	Delphi	Jun, 2005
Bifrost 1.2.1	Sweden 🇸🇪	ksv	C++	Jan, 2007
Bandook 1.35	Lebanon 🇱🇧	PrinceAli	Delphi, C++	Apr, 2007
Poison Ivy 2.3.0	Sweden 🇸🇪	Shapeless	Delphi, MASM	Jun, 2007
sharK 2.4.0 Fwb+	Germany 🇩🇪	sNiper109 , rockZ	Visual Basic 6 (VB6)	Aug, 2007
Nuclear RAT 2.1.0	Brazil 🇧🇷	Caesar2k	Delphi	Sep, 2007
Poison Ivy 2.3.2	Sweden 🇸🇪	Shapeless	Delphi, MASM	Jan, 2008
Turkojan 4	Turkey 🇹🇷	FµNGµ§	Delphi	Feb, 2008
sharK 3.1 fwb++	Germany 🇩🇪	sNiper109 , rockZ	Visual Basic 6 (VB6)	Mar, 2008
SynRAT 4.0.1	France 🇫🇷	DarkCoderSc	Delphi	May, 2009
Cerberus 1.0 Beta	United States 🇺🇸, United Kingdom 🇬🇧	Protocol , Steve10120 , 2sly , Sam	Delphi	Aug, 2009
Cerberus 1.01 Beta	United States 🇺🇸, United Kingdom 🇬🇧	Protocol , Steve10120 , 2sly , Sam	Delphi	Aug, 2009
Cerberus 1.02 Beta	United States 🇺🇸, United Kingdom 🇬🇧	Protocol , Steve10120 , 2sly , Sam	Delphi	Aug, 2009
Apocalypse RAT 1.4	Turkey 🇹🇷	ap0calypse	Delphi	Aug, 2009
Cerberus 1.03.4	United States 🇺🇸, United Kingdom 🇬🇧	Protocol , Steve10120 , 2sly , Sam	Delphi	Sep, 2009
Spy-Net 2.6	Brazil 🇧🇷	Raphael	Delphi	Oct, 2009
DarkComet RAT 1.3	France 🇫🇷	DarkCoderSc		Nov, 2009
Cerberus 1.03.5 Beta	United States 🇺🇸, United Kingdom 🇬🇧	Protocol , Steve10120 , 2sly , Sam	Delphi	Dec, 2009
DarkComet RAT 2.0 RC4	France 🇫🇷	DarkCoderSc	Delphi	Mar, 2010
CyberGate 1.04.8	United States 🇺🇸	johnyk	Delphi	Apr, 2010
Lost Door 4.3.1	Tunisia 🇹🇳	OussamiO	Visual Basic 6 (VB6)	Apr, 2010
Lost Door 5.1	Tunisia 🇹🇳	OussamiO	Visual Basic 6 (VB6)	Oct, 2010
Coolvibes 1 Update 8	Spain 🇪🇸	Thor	Delphi	May, 2011
Xtreme RAT 2.9	Brazil 🇧🇷	Raphael	Delphi	Jul, 2011
DarkComet RAT 5.3.1	France 🇫🇷	DarkCoderSc	Delphi	Jun, 2012
NjRat 0.7d	Kuwait 🇰🇼	njq8	VB .net	Dec, 2013