Sodinokibi Ransomware Pushed via Foreclosure Warning Spam

LASER_oneXM

A malspam campaign targeting potential German victims is actively distributing Sodinokibi ransomware via spam emails disguised as foreclosure notifications with malicious attachments which pose as foreclosure notifications.

By using "Ankündigung der Zwangsvollstreckung" as the subject line — which translates to "Announcement of foreclosure" — the attackers are trying to trick their targets into reacting to the bait without thinking and to open the infected attachments.

After asking the victim to enable macros to get access to the document's content, the malicious attachment named Mahnbescheid - Antwortbogen - Aktenzeichen 4650969334.doc will download the Sodinokibi Ransomware to %Temp%\Microsoft-Word.exe using an obfuscated VBA-based macro.
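The behaviour described in the post (Word writing an executable to `%Temp%` and then running it) can be matched in endpoint telemetry. The following is an added example, not part of the original post or the quoted article: it assumes Sysmon-style events (EventID 11 FileCreate, EventID 1 ProcessCreate) already parsed into dictionaries, and the sample events, user name and Office install path are constructed for illustration.

```python
import ntpath
import re

# Constructed sample events using Sysmon field names (not real telemetry).
WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": WINWORD,
     "TargetFilename": r"C:\Users\anna\AppData\Local\Temp\Microsoft-Word.exe"},
    {"EventID": 1, "ParentImage": WINWORD,
     "Image": r"C:\Users\anna\AppData\Local\Temp\Microsoft-Word.exe"},
    {"EventID": 11, "Image": WINWORD,  # normal Word scratch file
     "TargetFilename": r"C:\Users\anna\AppData\Local\Temp\~DF3A1.tmp"},
    {"EventID": 1, "ParentImage": WINWORD,  # benign print helper
     "Image": r"C:\Windows\System32\splwow64.exe"},
]

TEMP_DIR = re.compile(r"\\appdata\\local\\temp\\|\\windows\\temp\\", re.I)
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
EXEC_EXT = (".exe", ".scr", ".dll", ".com")


def _name(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path or "").lower()


def classify(event):
    """Return the names of the rules this event matches (empty list if none)."""
    hits = []
    eid = event.get("EventID")
    if eid == 11 and _name(event.get("Image")) in OFFICE_APPS:
        target = event.get("TargetFilename", "")
        if TEMP_DIR.search(target) and target.lower().endswith(EXEC_EXT):
            hits.append("office_drops_executable_in_temp")
    if eid == 1:
        image = event.get("Image", "")
        if _name(event.get("ParentImage")) in OFFICE_APPS and TEMP_DIR.search(image):
            hits.append("office_spawns_binary_from_temp")
        if _name(image) == "microsoft-word.exe":  # file name given in the post
            hits.append("page_ioc_filename")
    return hits


def scan(events):
    """Return (index, matched_rules) for every event that matches a rule."""
    return [(i, hits) for i, e in enumerate(events) if (hits := classify(e))]


if __name__ == "__main__":
    for idx, rules in scan(SAMPLE_EVENTS):
        print(idx, rules)
```

The two behavioural rules do not depend on the dropped file's name, so they still match if a later wave of the campaign changes it.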
 
