 #30905  by c0d3inj3cT
 Thu Oct 12, 2017 5:43 am
In the ongoing spam campaign of Locky, there is a small upgrade made by attackers in the delivery mechanism. The VBScript-based downloaders have added a Geo IP check. Based on the geographical region in which the user is located, it either downloads Locky or Trickbot.

MD5 hash: 6e2692c124a69566838cde01b7669532

So now it's two in one, based on the geographical region the user is located in.

More details here: http://www.pwncode.club/2017/10/locky-b ... check.html
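A defender-side detection sketch for the pattern described above, added here as an example and not part of the post: it flags a scripting host that queries freegeoip.net and then fetches from another domain shortly afterwards. The log format, process names and timestamps are constructed assumptions.

```python
"""Flag a script host that does a geo-IP lookup and then contacts another
domain within a short window (the geo-gated downloader pattern)."""
from datetime import datetime, timedelta

# Geo-IP service seen in the post's network capture.
GEOIP_SERVICES = {"freegeoip.net"}
# Processes a VBScript downloader would run under (assumption).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# Constructed proxy log lines: timestamp host process destination method.
SAMPLE_LOG = """\
2017-10-12T05:40:01 WS01 wscript.exe freegeoip.net GET
2017-10-12T05:40:03 WS01 wscript.exe unhanorarse.info GET
2017-10-12T05:41:10 WS02 chrome.exe freegeoip.net GET
2017-10-12T05:41:12 WS02 chrome.exe team-bobcat.org GET
2017-10-12T05:50:00 WS03 wscript.exe team-bobcat.org GET
"""

def parse_log(text):
    """Parse whitespace-separated log lines into tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, proc, dest, method = line.split()
        events.append((datetime.fromisoformat(ts), host,
                       proc.lower(), dest.lower(), method))
    return events

def find_geoip_gated_downloads(events, window=timedelta(minutes=5)):
    """Return (host, process, geoip_service, follow_up_domain) for each
    script-host request that follows a geo-IP lookup within `window`."""
    hits = []
    last_lookup = {}  # (host, process) -> (time, geo-IP service)
    for ts, host, proc, dest, _ in sorted(events):
        if proc not in SCRIPT_HOSTS:
            continue  # browsers querying geo-IP sites are normal traffic
        key = (host, proc)
        if dest in GEOIP_SERVICES:
            last_lookup[key] = (ts, dest)
            continue
        if key in last_lookup:
            seen_at, svc = last_lookup[key]
            if ts - seen_at <= window:
                hits.append((host, proc, svc, dest))
    return hits

if __name__ == "__main__":
    for hit in find_geoip_gated_downloads(parse_log(SAMPLE_LOG)):
        print("geo-gated download:", hit)
```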
 #30907  by maddog4012
 Thu Oct 12, 2017 12:52 pm
Code:
Domain             IP Address        Port
freegeoip.net      104.31.11.172     53
unhanorarse.info   49.51.134.78      53
team-bobcat.org    212.224.65.254    53
team-bobcat.org    212.224.65.254    80
unhanorarse.info   49.51.134.78      80
freegeoip.net      104.31.10.172     80
attached
MD5 hash: 6e2692c124a69566838cde01b7669532
Attachment: pw virus (4.08 KiB)