Description

The Registry Access and Manager feature in malware lets an attacker interact with the Windows Registry, the hierarchical database that stores low-level settings for the operating system and installed applications. With the ability to view, create, edit, or delete registry keys and values, the feature gives the attacker direct control over system configuration and behaviour. It can also be used to harvest sensitive information stored in registry entries, such as passwords and software licenses. By modifying or creating registry entries, malware can establish its own persistence, disable security controls, or alter user permissions; passwords and licenses recovered from the registry can in turn support privilege escalation, leaving the compromised system open to further exploitation. This kind of access is especially valuable in advanced attacks that require fine-grained control over the target: by manipulating the registry, an attacker can both deepen the compromise and tailor the environment to their objectives, which makes the feature a key asset in a sophisticated malware toolkit.


Categories: System Management, Disruption, Credentials, Alteration, Exfiltration
Dangerousness: High

Existing Technique

| Name | Associated Feature(s) | Has Snippet | Matching Sample |
|---|---|---|---|
| Windows Registry Enumeration | Registry Manager | | 0 |

Associated with Releases

| Version | Origins | Authors | Languages | Release Date |
|---|---|---|---|---|
| Back Orifice 1.20 | United States 🇺🇸 | Cult of the Dead Cow (cDc) | C++ | Jul, 1998 |
| SubSeven 1.4 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Mar, 1999 |
| SubSeven 1.5 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Apr, 1999 |
| SubSeven 1.6 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Apr, 1999 |
| SubSeven 1.7 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | May, 1999 |
| SubSeven 1.8 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | May, 1999 |
| SubSeven 1.9 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Jun, 1999 |
| Back Orifice 2000 (BO2K) 1.0 | United States 🇺🇸 | Cult of the Dead Cow (cDc) | C++ | Jul, 1999 |
| SubSeven 1.9 Apocalypse | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Aug, 1999 |
| SubSeven 2.0 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Sep, 1999 |
| SubSeven 2.1 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Nov, 1999 |
| SubSeven 2.1.1 GOLD edition | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Feb, 2000 |
| SubSeven 2.1.2 M.U.I.E | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Apr, 2000 |
| SubSeven 2.1.3 BONUS | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Jun, 2000 |
| SubSeven 2.1.4 DEFCON 8 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Jul, 2000 |
| Y3K rat 1.5 | Greece 🇬🇷 | firelarm, Chucky | Delphi | Jan, 2001 |
| SubSeven 2.2 | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Mar, 2001 |
| Y3K rat 1.6 MS | Greece 🇬🇷 | firelarm, Chucky | Delphi | Jul, 2001 |
| Optix Pro 1.0 | Unknown 🏴‍☠️ | s13az3 | Delphi | Apr, 2002 |
| Net-Devil 1.5 | Unknown 🏴‍☠️ | Nilez | Delphi | Jul, 2002 |
| MoSucker 3.0b | Germany 🇩🇪 | Superchachi | Visual Basic 6 (VB6) | Nov, 2002 |
| Beast 1.90 | Romania 🇷🇴 | Tataye | Delphi | Dec, 2002 |
| Beast 1.91 | Romania 🇷🇴 | Tataye | Delphi | Jan, 2003 |
| Beast 1.92 | Romania 🇷🇴 | Tataye | Delphi | Feb, 2003 |
| SubSeven 2.1.5 Legends | Romania 🇷🇴, Canada 🇨🇦 | Mobman | Delphi | Feb, 2003 |
| Beast 2.00 | Romania 🇷🇴 | Tataye | Delphi | May, 2003 |
| Beast 2.01 | Romania 🇷🇴 | Tataye | Delphi | Jun, 2003 |
| LanFiltrator 1.1 Fix 1 | Australia 🇦🇺 | Read101 | Delphi | Aug, 2003 |
| Optix Pro 1.32 | Unknown 🏴‍☠️ | s13az3, xMs | Delphi | Sep, 2003 |
| CIA 1.2 | England 🏴󠁧󠁢󠁥󠁮󠁧󠁿 | Alchemist | Visual Basic 6 (VB6) | Sep, 2003 |
| Beast 2.05 | Romania 🇷🇴 | Tataye | Delphi | Sep, 2003 |
| Beast 2.02 | Romania 🇷🇴 | Tataye | Delphi | Sep, 2003 |
| ProRat 1.1 | Turkey 🇹🇷 | HighLander, ATmaCA | Borland C++ | Jan, 2004 |
| ProRat 1.2 | Turkey 🇹🇷 | HighLander, ATmaCA | Borland C++ | Jan, 2004 |
| ProRat 1.3 | Turkey 🇹🇷 | HighLander, ATmaCA | Borland C++ | Feb, 2004 |
| Nuclear RAT 1.0 Beta 5 | Brazil 🇧🇷 | Caesar2k | Delphi | Feb, 2004 |
| Beast 2.06 | Romania 🇷🇴 | Tataye | Delphi | Feb, 2004 |
| ProRat 1.4 | Turkey 🇹🇷 | HighLander, ATmaCA | Borland C++ | Feb, 2004 |
| LanFiltrator 1.5 Beta III | Australia 🇦🇺 | Read101 | Delphi | Feb, 2004 |
| ProRat 1.6 | Turkey 🇹🇷 | HighLander, ATmaCA | Borland C++ | Mar, 2004 |
| ProRat 1.8 | Turkey 🇹🇷 | HighLander, ATmaCA | Borland C++ | Apr, 2004 |
| Infector NG 2004 2.1.0 | Belgium 🇧🇪, United Kingdom 🇬🇧 | fc, Infiltration | Delphi | May, 2004 |
| Optix Pro 1.33 | Unknown 🏴‍☠️ | s13az3 | Delphi | Aug, 2004 |
| Beast 2.07 | Romania 🇷🇴 | Tataye | Delphi | Aug, 2004 |
| Institution 2004 0.4.0 | United States 🇺🇸 | Aphex | Delphi | Oct, 2004 |
| CIA 1.3 | England 🏴󠁧󠁢󠁥󠁮󠁧󠁿 | Alchemist | Visual Basic 6 (VB6) | Dec, 2004 |
| ProRat 1.9 | Turkey 🇹🇷 | HighLander, ATmaCA | Borland C++ | Mar, 2005 |
| DARKMOON 4.11 / 4.11 Private Edition | Spain 🇪🇸 | shukisnike | Delphi | Jun, 2005 |
| Turkojan 3.0 | Turkey 🇹🇷 | Fungus | Delphi | Sep, 2006 |
| Bifrost 1.2.1 | Sweden 🇸🇪 | ksv | C++ | Jan, 2007 |