
Merry X-mas.rar -

It remains idle for a short period before connecting to a Command & Control (C2) server (historically https://onion1.host/cd/copy/gate.php) to upload the victim's computer name, username, running processes, and hardware info.

.MERRY, .RARE1, .PEGS1, .MRCR1, and .RMCM1.

1. Attack Vector & Distribution

The malware typically spreads through campaigns designed to exploit holiday-themed or administrative urgency:

Emails posing as Federal Trade Commission consumer complaints.