Today, our email honeypot is receiving emails from the WORM_STRATION malware. Unlike the other day, when we received 10 different MD5 hashes, we now have 25 different MD5 hashes.
Here is a look at some of the emails sent by the worm, which carry the binary file as a zip file attachment.
As for the MD5 hashes, here’s the list (for system admins):
Again, all of these samples are detected by the IntelliTrap technology as PAK_GENERIC.001. These samples will be included in the detection of WORM_STRATION in the upcoming Official Pattern Release.