Today, our email honeypot are receiving emails from WORM_STRATION malware. Unlike the other day where we received 10 different MD5 hashes, now we have 25 different MD5 hashes.

Here is a look at some of the email sent by the worm having the binary file as a zip file attachment.

As for the MD5 hashes, here’s the list (for system admins):

• 0675f71a67dd8dd3716e484855ee2627
• 1d4583ba2c3ebdc6c027cb49db92158c
• 261cec1464be928427ec14b121ea5665
• 299f76fdbf585e5f17941074498349c8
• 37753fdb5de5414a73caa1cc1a36876e
• 3d08becc3329cf3b5d9e10369fc8958d
• 750f38d4e38a6d60051306b8a25fb52d
• 767ac4882e799f5464cb18552c95d257
• 76a347170e155630a059522e424873ed
• 7b5e061f4ad607cf00c10d92b538c4a2
• 89ec4062507593e1e287966fb1acd734
• 9ee6203674f4d770240ae3dc31d90358
• b044c6051d0f7da8aee9e1f9a1f425ab
• b06155140861e86c97bf9cb1abed44c1
• b06155140861e86c97bf9cb1abed44c1
• babf9bdc89ed24522188976ce66be3e1
• cc6a14bcef5ac3227e50ba29f11c6c27
• cf1cf557f045400d4532bd72b3bd6020
• d6e211e97d7799b1792a3cdfbbed78da
• d77bb7178999486d505a8114a12573a3
• d77bb7178999486d505a8114a12573a3
• f973acf2896214400bbcfd5064a8fca8
• fe3a0d18413d9a3a9cfea9fa99264823
• 6938575d2dba7c7f3dbdff97e1cd0617
• 7108695e31b1e029c70392954a197e33

Again, all of these samples are detected by using the Intellitrap technology as PAK_GENERIC.001. These samples will be included in the detection of WORM_STRATIO in the upcoming Official Pattern Release.