bhc

  1. Vector: Possibly email, looks to be like Craigslist though.

     Files renamed to .merry, also included in each directory/subdir the file merry_i_love_you_bruce.hta which displays the ransom ID.

     New email seems to be [email protected]

     Hybrid Analysis: https://www.hybrid-analysis.com/sample/28bda4bf96841c5734fc1dc9f7fe76724488a79cf177d3992c03eb88b8fdf36f?environmentId=100

     Attached is the infection file. Current MCR tool doesn't seem to work on this variant, so hopefully this helps. In case your AV blocks it, encrypted 7z password is 123.

     Chrome_Font.exe Chrome_Font_pass123.7z
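
A triage sweep for the two file-system indicators named in the post above (the .merry extension and the merry_i_love_you_bruce.hta note), added here as an example and not part of the original post. The function names and the sample tree are constructed for illustration; the extension check matches whether the variant appends .merry or replaces the original extension.

```python
import os
import tempfile

# Indicators taken from the post above.
ENCRYPTED_EXT = ".merry"
RANSOM_NOTE = "merry_i_love_you_bruce.hta"


def sweep(root):
    """Walk root and return {directory: {"note": bool, "encrypted": [names]}}
    for every directory that shows at least one indicator."""
    hits = {}
    # Unreadable directories are skipped instead of aborting the sweep.
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda e: None):
        lowered = [(name, name.lower()) for name in filenames]
        encrypted = sorted(n for n, low in lowered if low.endswith(ENCRYPTED_EXT))
        note = any(low == RANSOM_NOTE for _n, low in lowered)
        if note or encrypted:
            hits[dirpath] = {"note": note, "encrypted": encrypted}
    return hits


def summarize(hits):
    """Totals for scoping: affected directories, renamed files, notes found."""
    return {
        "directories": len(hits),
        "encrypted_files": sum(len(h["encrypted"]) for h in hits.values()),
        "notes": sum(1 for h in hits.values() if h["note"]),
    }


def build_sample_tree(root):
    """Constructed sample tree (empty files only) used by the demo below."""
    layout = {
        "docs": ["report.merry", RANSOM_NOTE],
        "docs/old": ["a.xls.merry", "b.pdf.MERRY", RANSOM_NOTE],
        "clean": ["notes.txt"],
    }
    for rel, names in layout.items():
        os.makedirs(os.path.join(root, rel), exist_ok=True)
        for name in names:
            open(os.path.join(root, rel, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = sweep(tmp)
        for path, info in sorted(found.items()):
            print(path, "note" if info["note"] else "no-note", len(info["encrypted"]))
        print(summarize(found))
```

Point `sweep()` at a mounted share or a forensic image's mount point to list affected directories before restoring from backup.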