win.copperstealth

CopperStealth

Actor(s): Water Orthrus


According to Trend Micro, CopperStealth’s infection chain involves dropping and loading a rootkit, which later injects its payload into explorer.exe and another system process. These payloads are responsible for downloading and running additional tasks. The rootkit also blocks access to blocklisted registry keys and prevents certain executables and drivers from running. The task module is able to download and run additional payloads.

References
2023-05-15 | Trend Micro | Jaromír Hořejší, Joseph C Chen
Water Orthrus's New Campaigns Deliver Rootkit and Phishing Modules
Tags: CopperStealth, CopperStealer, Water Orthrus

There is no Yara-Signature yet.