bhc

CLOSED Merry Xmas Variation

Recommended Posts

Vector: Possibly email, looks to be like Craigslist though.

Files renamed to .merry, also included in each directory/subdir the file merry_i_love_you_bruce.hta which displays the ransom ID. New email seems to be [email protected]

Hybrid Analysis: https://www.hybrid-analysis.com/sample/28bda4bf96841c5734fc1dc9f7fe76724488a79cf177d3992c03eb88b8fdf36f?environmentId=100

Attached is the infection file.

Current MCR tool doesn't seem to work on this variant, so hopefully this helps. In case your AV blocks it, encrypted 7z password is 123 .

Chrome_Font.exe

Chrome_Font_pass123.7z

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.