Daily Bagle

We have been receiving numerous samples of a new Bagle variant since a couple of minutes ago, and it is really blazing fast! It reached a total count of 211 samples within 20 minutes of its first incident.


The new sample is not so different from the previous one and also has the same download links. It is 12,726 bytes and has an MD5 sum of 751789DD5D12FC33F1381FEED87FE352.


If you remember what I mentioned in my previous post about the properties of the packer of the recent TROJ_BAGLE.EY (e.g. polymorphic), we had received copies of only one generation of the malware… Now, it seems the author has released copies of another generation of the malware. Sad… but it is apparently true.


And here is what I have noticed about the (extracted) filenames of both generations of the malware…

Filename          Hash (MD5)
15-06-2006.exe    2BBA44B82D6E37069BF53C8A806A7DAE
16-06-2006.exe    751789DD5D12FC33F1381FEED87FE352


Well, we might be thinking the same thing… So, we had better stay alert for whatever might happen in the coming days to ensure the total protection of our clients.


Btw, this will also be detected as TROJ_BAGLE.EY, and thanks to the Service Team for the immediate response!