Locky Downloader adds a Geo IP Check


Post by c0d3inj3cT » Thu Oct 12, 2017 5:43 am

In the ongoing Locky spam campaign, the attackers have made a small upgrade to the delivery mechanism. The VBScript-based downloaders have added a Geo IP check. Based on the geographical region in which the user is located, it downloads either Locky or Trickbot.

MD5 hash: 6e2692c124a69566838cde01b7669532

So now it is two in one, based on the geographical region the user is located in.

More details here: http://www.pwncode.club/2017/10/locky-b ... check.html

Re: Locky Downloader adds a Geo IP Check

Post by maddog4012 » Thu Oct 12, 2017 12:52 pm

Domain              IP Address   Port
freegeoip.net                    53
unhanorarse.info                 53
team-bobcat.org                  53
team-bobcat.org                  80
unhanorarse.info                 80
freegeoip.net                    80

MD5 hash: 6e2692c124a69566838cde01b7669532
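Detection logic for the behaviour described in this thread, as an added example that is not part of either post: it flags any client that contacts a geo-IP lookup service and then makes a port-80 request to a non-allowlisted domain within a short window. The log format, client addresses, allowlist and 60-second window are constructed assumptions; the three flagged domains are the ones listed in the thread.

```python
from datetime import datetime, timedelta

# Geo-IP lookup services to watch; freegeoip.net is the one listed in the thread.
GEOIP_SERVICES = {"freegeoip.net"}
# Hypothetical allowlist of destinations considered normal in this environment.
ALLOWLIST = {"example.com", "update.example.org"}
WINDOW = timedelta(seconds=60)  # assumed correlation window

# Constructed proxy log lines: "timestamp client_ip domain port"
SAMPLE_LOG = """\
2017-10-12T09:00:01 10.0.0.5 freegeoip.net 80
2017-10-12T09:00:04 10.0.0.5 unhanorarse.info 80
2017-10-12T09:00:09 10.0.0.5 team-bobcat.org 80
2017-10-12T09:01:00 10.0.0.7 example.com 80
2017-10-12T09:02:00 10.0.0.8 freegeoip.net 80
2017-10-12T09:02:05 10.0.0.8 update.example.org 80
2017-10-12T09:10:00 10.0.0.9 freegeoip.net 80
2017-10-12T09:20:00 10.0.0.9 team-bobcat.org 80
"""

def parse(line):
    """Split one constructed log line into typed fields."""
    ts, client, domain, port = line.split()
    return datetime.fromisoformat(ts), client, domain.lower(), int(port)

def find_geoip_then_fetch(log_text):
    """Return (client, geoip_domain, next_domain, seconds_between) alerts."""
    last_lookup = {}  # client -> (time, geo-IP domain) of its most recent lookup
    alerts = []
    # ISO timestamps lead each line, so a plain sort yields time order.
    for line in sorted(filter(None, map(str.strip, log_text.splitlines()))):
        ts, client, domain, port = parse(line)
        if domain in GEOIP_SERVICES:
            last_lookup[client] = (ts, domain)
            continue
        seen = last_lookup.get(client)
        if seen and port == 80 and domain not in ALLOWLIST and ts - seen[0] <= WINDOW:
            gap = int((ts - seen[0]).total_seconds())
            alerts.append((client, seen[1], domain, gap))
    return alerts

if __name__ == "__main__":
    for alert in find_geoip_then_fetch(SAMPLE_LOG):
        print("ALERT client=%s geoip=%s followed_by=%s after=%ds" % alert)
```

Clients 10.0.0.8 (allowlisted destination) and 10.0.0.9 (follow-up outside the window) are deliberately included to show what the rule does not flag.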
