Home
Threat Intelligence Posts
Malware Intelligence

Malware overwrites MBR, corrupts disks

Beware of malicious email attachments, downloads! A new COVID-themed malware disables Windows Task Manager, UAC, reboots the system, and overwrites the MBR.
Updated on
April 19, 2023
Published on
April 6, 2020
Read MINUTES
5
Subscribe to the latest industry news, threats and resources.

The Carrier

The Malware

  • Upon execution, it launches a number of helper files, to a temp folder.
  • The file named “coronavirus.bat” creates a COVID-19 folder and moves all the helper files there.
  • It, then, disables Windows Task Manager, User Access Control (UAC),
  • Target system is set to reboot to complete the installation.
  • The malware executes two binaries after in the installation. Binary “mainWindow.exe” notifies the user of the infection and displays two buttons for assistance. The second binary overwrites the MBR.

The Risk

File details

  • File names:
    • coronavirus.bat
    • end.exe
    • COVID-19.exe
    • dttcodexgigas.b87405ff26a1ab2a03f3803518f306cf906ab47f

Indicators of Compromise

MD5: 9dbbfa81fe433b24b3f3b7809be2cc7f SHA1: b87405ff26a1ab2a03f3803518f306cf906ab47f SHA256: dfbcce38214fdde0b8c80771cfdec499fc086735c8e7e25293e7292fc7993b4c SSDEEP: 6144:hhnAz89tqx/Qgl/FBoSKJPUHo9jk36bwiqwEWN3JxN:hhnccti/QglNBoSKBUcI6bcwE0x
 
CloudSEK Platform is a no-code platform that powers our products with predictive threat analytic capabilities.
Recent Posts

Recent Articles

Critical CSRF Vulnerability in IBM CICS TX - CVE-2023-42027 Demands Immediate Action
November 15, 2023
CVE-2023-43792 baserCMS is a website development framework vulnerable to Code Injection attacks
November 6, 2023

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.
Schedule a Demo
Real time Threat Intelligence Data
More information and context about Underground Chatter
On-Demand Research Services
Dashboard mockup
Global Threat Intelligence Feed

Protect and proceed with Actionable Intelligence

The Global Cyber Threat Intelligence Feed is an innovative platform that gathers information from various sources to help businesses and organizations stay ahead of potential cyber-attacks. This feed provides real-time updates on cyber threats, including malware, phishing scams, and other forms of cybercrime.
Trusted by 400+ Top organisations
Get started
Learn more