
Merry Xmas Variation


bhc

Vector: Possibly email, looks to be like Craigslist though.

Files are renamed to .merry; also included in each directory/subdir is the file merry_i_love_you_bruce.hta, which displays the ransom ID. New email seems to be [email protected]

Hybrid Analysis: https://www.hybrid-analysis.com/sample/28bda4bf96841c5734fc1dc9f7fe76724488a79cf177d3992c03eb88b8fdf36f?environmentId=100

Attached is the infection file.

Current MCR tool doesn't seem to work on this variant, so hopefully this helps. In case your AV blocks it, the encrypted 7z password is 123.

Chrome_Font.exe

Chrome_Font_pass123.7z
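For responders scoping an affected machine or file share, the two on-disk indicators reported in the post (the `.merry` extension and the `merry_i_love_you_bruce.hta` note) can be swept for as follows. This is an added example, not part of the original post or any vendor tool; the function name `triage` is hypothetical, and treating the earliest note mtime as the approximate start of encryption is an assumption.

```python
import os
from datetime import datetime, timezone

# Indicators as reported in the post above.
ENCRYPTED_EXT = ".merry"
NOTE_NAME = "merry_i_love_you_bruce.hta"


def triage(root):
    """Walk `root` and summarise the directories this variant touched.

    Returns per-directory counts, the directories holding renamed files
    but no ransom note, and the earliest ransom-note timestamp.
    """
    dirs = {}
    earliest = None
    for dirpath, _subdirs, filenames in os.walk(root):
        lowered = [(f, f.lower()) for f in filenames]
        encrypted = [f for f, low in lowered if low.endswith(ENCRYPTED_EXT)]
        notes = [f for f, low in lowered if low == NOTE_NAME]
        if not encrypted and not notes:
            continue
        dirs[dirpath] = {"encrypted": len(encrypted), "note": bool(notes)}
        for name in notes:
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # unreadable entry; keep scanning
            if earliest is None or mtime < earliest:
                earliest = mtime
    return {
        "dirs": dirs,
        "total_encrypted": sum(d["encrypted"] for d in dirs.values()),
        "no_note": sorted(p for p, d in dirs.items()
                          if d["encrypted"] and not d["note"]),
        "first_note_utc": (
            datetime.fromtimestamp(earliest, tz=timezone.utc).isoformat()
            if earliest is not None else None),
    }


if __name__ == "__main__":
    import sys
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, info in sorted(result["dirs"].items()):
        print(f'{info["encrypted"]:6d}  note={info["note"]}  {path}')
    print("total renamed files:", result["total_encrypted"])
    print("renamed files but no note:", result["no_note"])
    print("earliest note mtime (UTC):", result["first_note_utc"])
```

Directories listed under "renamed files but no note" are worth a closer look, since the post says the note is dropped in every directory; a missing note may mean the run was interrupted there or the note was removed afterwards.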
