ioc[.]one - OSINT Cyber Threat Intelligence Database

CoViper locking down computers during lockdown - Avast Threat Labs

Tags

cmtmf-attack-pattern:	Masquerading
attack-pattern:	Control Panel - T1218.002 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Masquerading - T1036 Masquerading

Show in Graph

Common Information

Type	Value
UUID	25c1ed97-0beb-442e-a7ea-6a02b1774488
Fingerprint	b7609c2b0d2b87ce
Analysis status	DONE
Considered CTI value	2
Text language
Published	April 2, 2020, 3:19 p.m.
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Nov. 17, 2024, 6:49 p.m.
Headline	CoViper locking down computers during lockdown
Title	CoViper locking down computers during lockdown - Avast Threat Labs
Detected Hints/Tags/Attributes	49/2/28

Source URLs

	Redirection	Url
Details	Source	https://decoded.avast.io/janrubin/coviper-locking-down-computers-during-lockdown/

URL Provider

Details	Provider	Source level domain
Details	avast.io	decoded.avast.io

Attributes

Details	Type	#Events	Value
Details	File	1	coronavirus.bat
Details	File	2	end.exe
Details	File	2	mainwindow.exe
Details	File	15	run.exe
Details	File	26	run.bat
Details	File	16	update.vbs
Details	File	4	wallpaper.jpg
Details	File	1	%homedrive%\covid-19\wallpaper.jpg
Details	File	1	%homedrive%\covid-19\update.vbs
Details	File	1260	explorer.exe
Details	File	1	%homedrive%\covid-19\run.exe
Details	File	1	%homedrive%\covid-19\end.exe
Details	sha256	1	4fd9b85eec0b49548c462acb9ec831a0728c0ef9e3de70e772755834e38aa3b3
Details	sha256	2	c3f11936fe43d62982160a876cc000f906cb34bb589f4e76e54d0a5589b2fdb9
Details	sha256	2	b780e24e14885c6ab836aae84747aa0d975017f5fc5b7f031d51c7469793eabe
Details	sha256	2	c46c3d2bea1e42b628d6988063d247918f3f8b69b5a1c376028a2a0cadd53986
Details	sha256	1	a1a8d79508173cf16353e31a236d4a211bdcedef53791acce3cfba600b51aaec
Details	sha256	1	fe22dd2588666974cae5b5bbde2d763afbd94bccf72d350ec4e801f9354d103d
Details	sha256	1	df1f9777fe6bede9871e331c76286bab82da361b59e44d07c6d977319522ba91
Details	sha256	1	13c4423ed872e71990e703a21174847ab58dec49501b186709b77b772ceeab52
Details	sha256	1	4a17f58a8bf2b26ece23b4d553d46b72e0cda5e8668458a80ce8fe4e6d90c42d
Details	sha256	1	7ae5e2be872510a0e2c01bcf61c2e2fb1e680cd9e54891d3751d41f53ac24f84
Details	Windows Registry Key	13	HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
Details	Windows Registry Key	98	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
Details	Windows Registry Key	1	HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
Details	Windows Registry Key	37	HKCU\Control
Details	Windows Registry Key	48	HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Details	Windows Registry Key	2	HKLM\software\Microsoft\Windows\CurrentVersion\Run