Locky Downloader upgrades itself with GeoIP Check

[explo1t]

In the ongoing spam campaign of Locky, there is a small upgrade made by attackers in the delivery mechanism. The VBScript based downloaders have added a Geo IP check. Based on the geographical region in which the user is located, it either downloads Locky or Trickbot.

Two in One - Locky + Trickbot delivered through the same Downloader based on Geographical region.

More details here: Neutralize Cyber Threats: Locky based Downloader adds a Geo IP Check

 

[vemn]

Thanks for the article.
Think one of my recent samples is this sort...
Surprised to see the flag changed from USA to my country, and even changing the bank details to a local bank icon, and showing a local map of where's the nearest BitCoin ATM... zzz Innovation they call it... Customer Service Excellence...