June 17, 2022
Severity
Medium
Analysis Summary
AveMaria RAT, also known as WarzoneRAT, is a remote access trojan that targets Windows systems and gives an attacker unauthorized access to a victim's PC or the ability to covertly surveil it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. Like most malware, AveMaria typically arrives on systems through phishing emails (posing as invoices and shipping orders), but it is also sold on the dark web on a subscription basis. This malware-as-a-service RAT is written in C++ and has been available for purchase since at least 2018.
Impact
- Unauthorized Access
Indicators of Compromise
MD5
SHA-256
SHA-1
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.