Malware overwrites MBR, corrupts disks

Beware of malicious email attachments, downloads! A new COVID-themed malware disables Windows Task Manager, UAC, reboots the system, and overwrites the MBR.

Updated on

February 27, 2023

Published on

April 6, 2020

Read time

5

Subscribe to the latest industry news, technologies and resources.

The Carrier

The malware can be delivered as a malicious email attachment, file download, or a fake application.

The Malware

Upon execution, it launches a number of helper files, to a temp folder.
The file named “coronavirus.bat” creates a COVID-19 folder and moves all the helper files there.
It, then, disables Windows Task Manager, User Access Control (UAC),
Target system is set to reboot to complete the installation.
The malware executes two binaries after in the installation. Binary “mainWindow.exe” notifies the user of the infection and displays two buttons for assistance. The second binary overwrites the MBR.

The Risk

The malware corrupts the hard disk, and renders it unusable.
It displays a message to victims, asking them to contact the hacker on discord channel Windows Vista#3294_

Table of Contents

This is also a heading
This is a heading

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.

Schedule a Demo

Real time Threat Intelligence Data

More information and context about Underground Chatter

On-Demand Research Services

Related Intelligence Posts

No items found.