Cherry Picker is a point of sale (PoS) memory scraper. 
|Enterprise||T1546||.010||Event Triggered Execution: AppInit DLLs||
Some variants of Cherry Picker use AppInit_DLLs to achieve persistence by creating the following Registry key:
|Enterprise||T1048||.003||Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted Non-C2 Protocol||
Cherry Picker exfiltrates files over FTP.
|Enterprise||T1070||.004||Indicator Removal: File Deletion||
Recent versions of Cherry Picker delete files and registry keys created by the malware.