- The malware can be delivered as a malicious email attachment, file download, or a fake application.
- Upon execution, it drops a number of helper files into a temp folder.
- The file named “coronavirus.bat” creates a COVID-19 folder and moves all the helper files there.
- It then disables Windows Task Manager, User Account Control (UAC),
- The target system is set to reboot to complete the installation.
- The malware executes two binaries after the installation. The binary “mainWindow.exe” notifies the user of the infection and displays two buttons for assistance. The second binary overwrites the MBR.
- The malware corrupts the hard disk and renders it unusable.
- It displays a message to victims, asking them to contact the hacker on Discord channel Windows Vista#3294
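
The pre-reboot behaviours listed above can be correlated per host so that a single weak signal (for example, any folder named COVID-19) does not raise an alert on its own. The Python below is an added example, not part of the original page: the event format, host names and paths are constructed, and the registry value names are the standard Windows policy values for Task Manager and UAC, assumed here rather than taken from the page.

```python
import ntpath
from collections import defaultdict

# Policy values Windows uses for these settings (assumed to be what the sample edits).
POLICY_KEY = r"\software\microsoft\windows\currentversion\policies\system"
REG_STAGES = {
    (POLICY_KEY + r"\disabletaskmgr", 1): "taskmgr_disabled",
    (POLICY_KEY + r"\enablelua", 0): "uac_disabled",
}
# File names taken from the list above, lowercased for matching.
FILE_STAGES = {"coronavirus.bat": "helper_bat", "mainwindow.exe": "notifier"}


def stages_for(event):
    """Return the set of infection stages a single event matches."""
    hits = set()
    kind = event["type"]
    if kind in ("file_create", "process_create"):
        path = event["path"].lower()
        name = ntpath.basename(path)
        if name in FILE_STAGES:
            hits.add(FILE_STAGES[name])
        # Any parent directory named COVID-19 counts as the staging folder.
        if "covid-19" in path.split("\\")[:-1]:
            hits.add("staging_folder")
    elif kind == "reg_set":
        target = event["target"].lower()
        for (suffix, value), stage in REG_STAGES.items():
            if target.endswith(suffix) and event["value"] == value:
                hits.add(stage)
    return hits


def flag_hosts(events, min_stages=3):
    """Map host -> matched stages, for hosts showing at least min_stages of them."""
    seen = defaultdict(set)
    for ev in events:
        seen[ev["host"]] |= stages_for(ev)
    return {h: s for h, s in seen.items() if len(s) >= min_stages}


# Constructed sample events (not real telemetry).
SAMPLE = [
    {"host": "ws1", "type": "file_create", "path": r"C:\Users\a\AppData\Local\Temp\coronavirus.bat"},
    {"host": "ws1", "type": "reg_set", "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA", "value": 0},
    {"host": "ws1", "type": "process_create", "path": r"C:\COVID-19\mainWindow.exe"},
    {"host": "ws2", "type": "reg_set", "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA", "value": 1},
    {"host": "ws2", "type": "file_create", "path": r"C:\Docs\COVID-19\report.docx"},
]

if __name__ == "__main__":
    print(flag_hosts(SAMPLE))
```

Because the MBR overwrite happens after the reboot, these pre-reboot stages are the window in which a flagged host can still be isolated before the disk is damaged.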