Infostealer
CopperStealth
According to Trend Micro, CopperStealth’s infection chain involves dropping and loading a rootkit, which later injects its payload into explorer.exe and another system process. These payloads are responsible for downloading and running additional tasks. The rootkit also blocks access to blocklisted registry keys and prevents certain executables and drivers from running. The task module is able to download and run additional payloads.
Family metadata imported from Malpedia (Fraunhofer FKIE).