Locky Downloader adds a Geo IP Check


Post by c0d3inj3cT » Thu Oct 12, 2017 5:43 am

In the ongoing Locky spam campaign, the attackers have made a small upgrade to the delivery mechanism. The VBScript-based downloaders have added a Geo IP check. Based on the geographical region in which the user is located, it either downloads Locky or Trickbot.

MD5 hash: 6e2692c124a69566838cde01b7669532

So now it is two in one, based on the geographical region the user is located in.

More details here: http://www.pwncode.club/2017/10/locky-b ... check.html


Re: Locky Downloader adds a Geo IP Check

Post by maddog4012 » Thu Oct 12, 2017 12:52 pm


Domain              IP Address    Port
freegeoip.net                     53
unhanorarse.info                  53
team-bobcat.org                   53
team-bobcat.org                   80
unhanorarse.info                  80
freegeoip.net                     80
MD5 hash: 6e2692c124a69566838cde01b7669532
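
A defender-side sketch of the traffic pattern discussed in this thread (an HTTP request to a geo-IP lookup service followed shortly by an HTTP request to a different domain), added here as an example and not posted by either participant. The log format, host names, `.example` domains and the 60-second window are assumptions; only `freegeoip.net` comes from the thread.

```python
from datetime import datetime, timedelta

# Geo-IP lookup services to watch; freegeoip.net is the one named in the thread.
GEOIP_SERVICES = {"freegeoip.net"}
WINDOW = timedelta(seconds=60)  # assumed correlation window

# Constructed sample log (not real traffic): timestamp, client, dest port, domain
SAMPLE_LOG = """\
2017-10-12T09:00:01 ws-014 53 freegeoip.net
2017-10-12T09:00:01 ws-014 80 freegeoip.net
2017-10-12T09:00:03 ws-014 53 payload-host.example
2017-10-12T09:00:04 ws-014 80 payload-host.example
2017-10-12T09:05:00 ws-022 80 intranet.example
2017-10-12T09:07:00 ws-031 80 freegeoip.net
2017-10-12T09:30:00 ws-031 80 news.example
"""

def is_geoip(domain):
    """True for a watched geo-IP service or any of its subdomains."""
    return any(domain == s or domain.endswith("." + s) for s in GEOIP_SERVICES)

def parse(log):
    """Yield (time, client, port, domain) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue
        ts, client, port, domain = parts
        yield datetime.fromisoformat(ts), client, int(port), domain.lower().rstrip(".")

def find_geoip_then_fetch(log, window=WINDOW):
    """Return (client, geoip_domain, next_domain, delay_seconds) for each client
    whose HTTP request to a geo-IP service is followed within `window` by an
    HTTP request to a different domain."""
    pending = {}  # client -> (time, domain) of its most recent geo-IP request
    hits = []
    for ts, client, port, domain in sorted(parse(log)):
        if port != 80:
            continue  # DNS lines are ignored; correlation is on HTTP only
        if is_geoip(domain):
            pending[client] = (ts, domain)
        elif client in pending:
            t0, geo = pending.pop(client)
            if ts - t0 <= window:
                hits.append((client, geo, domain, (ts - t0).total_seconds()))
    return hits

if __name__ == "__main__":
    for hit in find_geoip_then_fetch(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for triage rather than a verdict, since legitimate software also calls geo-IP services; the process that issued the requests (for example a script host) is the next thing to check.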