Rewterz Threat Alert – Snake Keylogger’s Malware – Active IOCs
June 10, 2022
Rewterz Threat Alert – Nanocore Rat – Active IOCs
June 10, 2022
Severity
Medium
Analysis Summary
AveMaria RAT, also known as WarzoneRAT, is a remote access trojan that targets Windows systems. It provides the capability to gain unauthorized access to a victim’s PC or to conduct covert surveillance of it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. Like most malware, AveMaria first arrives on systems through phishing emails (disguised as invoices and shipping orders), but it is also available on the dark web by subscription. This malware-as-a-service RAT is written in C++ and has been available for purchase since at least 2018.
Impact
- Unauthorized Access
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.