Slave Malware Analysis: Evolving From IBAN Swaps to Persistent Webinjects
ATT&CK techniques detected
T1547.001 Registry Run Keys / Startup Folder
99%
"data\startup\. The malware then sets a startup registry key for sys.exe and starts the sys.exe process. To maintain its stealthy browser infection method after each reboot, Slave creates a registry key with a random name, disguised as "Internet Explorer", which will automa…"
Summary
Slave is financial malware written in Visual Basic. Since 2015 it has evolved from relatively simple IBAN swapping.