Malware overwrites MBR, corrupts disks

Beware of malicious email attachments, downloads! A new COVID-themed malware disables Windows Task Manager, UAC, reboots the system, and overwrites the MBR.
Updated on
February 27, 2023
Published on
April 6, 2020
Read time
Subscribe to the latest industry news, technologies and resources.

The Carrier

The Malware

  • Upon execution, it launches a number of helper files, to a temp folder.
  • The file named “coronavirus.bat” creates a COVID-19 folder and moves all the helper files there.
  • It, then, disables Windows Task Manager, User Access Control (UAC),
  • Target system is set to reboot to complete the installation.
  • The malware executes two binaries after in the installation. Binary “mainWindow.exe” notifies the user of the infection and displays two buttons for assistance. The second binary overwrites the MBR.

The Risk

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.
Schedule a Demo
Real time Threat Intelligence Data
More information and context about Underground Chatter
On-Demand Research Services
Related Intelligence Posts
No items found.