Locky Downloader adds a Geo IP Check


Post by c0d3inj3cT » Thu Oct 12, 2017 5:43 am

In the ongoing spam campaign of Locky, there is a small upgrade made by attackers in the delivery mechanism. The VBScript-based downloaders have added a Geo IP check. Based on the geographical region in which the user is located, it either downloads Locky or Trickbot.

MD5 hash: 6e2692c124a69566838cde01b7669532

So now it is two in one, based on the geographical region the user is located in.

More details here: http://www.pwncode.club/2017/10/locky-b ... check.html

Re: Locky Downloader adds a Geo IP Check

Post by maddog4012 » Thu Oct 12, 2017 12:52 pm

Code:
Domain              IP Address        Port
freegeoip.net       104.31.11.172     53
unhanorarse.info    49.51.134.78      53
team-bobcat.org     212.224.65.254    53
team-bobcat.org     212.224.65.254    80
unhanorarse.info    49.51.134.78      80
freegeoip.net       104.31.10.172     80


attached
MD5 hash: 6e2692c124a69566838cde01b7669532
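One way to hunt for the behaviour discussed in this thread, added here as an example and not code from either poster or the linked write-up: flag a Windows Script Host process that contacts the geo-IP service and then a different domain shortly afterwards. The log format, workstation names, 120-second window and sample events are constructed assumptions; the domains are the ones listed in the thread.

```python
import csv
from datetime import datetime, timedelta
from io import StringIO

GEOIP_HOSTS = {"freegeoip.net"}                 # geo-IP service named in the thread
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # Windows Script Host binaries
WINDOW = timedelta(seconds=120)                 # assumed correlation window

# Constructed sample events: time, host, process, destination domain, port.
SAMPLE_LOG = """\
2017-10-12T09:00:01,WS-014,wscript.exe,freegeoip.net,80
2017-10-12T09:00:04,WS-014,wscript.exe,unhanorarse.info,80
2017-10-12T09:03:10,WS-022,chrome.exe,freegeoip.net,80
2017-10-12T09:03:12,WS-022,chrome.exe,example.org,80
2017-10-12T09:10:00,WS-031,wscript.exe,freegeoip.net,80
2017-10-12T09:25:00,WS-031,wscript.exe,team-bobcat.org,80
"""


def find_geo_gated_downloads(log_text):
    """Return (host, process, geo_lookup_time, next_domain) for every script
    host process that contacts a geo-IP service and then another domain
    within WINDOW. Browsers doing the same lookup are ignored."""
    rows = [r for r in csv.reader(StringIO(log_text)) if len(r) == 5]
    last_geo = {}   # (host, process) -> time of the most recent geo-IP lookup
    alerts = []
    for ts, host, proc, domain, _port in sorted(rows):  # ISO times sort as text
        when = datetime.fromisoformat(ts)
        proc = proc.lower()
        if proc not in SCRIPT_HOSTS:
            continue
        key = (host, proc)
        if domain.lower() in GEOIP_HOSTS:
            last_geo[key] = when
        elif key in last_geo and when - last_geo[key] <= WINDOW:
            # Geo lookup followed quickly by a second destination: report once.
            alerts.append((host, proc, last_geo.pop(key).isoformat(), domain))
    return alerts


if __name__ == "__main__":
    for alert in find_geo_gated_downloads(SAMPLE_LOG):
        print("geo-gated download suspected:", alert)
```

Restricting the rule to script host processes keeps ordinary browser lookups of the same service from alerting; the window should be tuned against local traffic.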

