Coronavirus Attacks Spread Malware Infection

Mimecast and other vendors have detected an e-mail campaign that is targeting users around the world. The e-mails carry various content relating to the current coronavirus.

Concern over the spreading coronavirus from China is legitimate and real. The World Health Organization (WHO) has declared the coronavirus a global health emergency. As we know, when such big events happen, scammers will see an opportunity to act.

Clicking the links in the email will lead to a covert malware download.

We can expect to see more malicious email traffic based on the coronavirus in the future, as the infection spreads.

Some of these attacks deliver the Emotet trojan.

Indicators of Compromise

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.
