July 18, 2022
Severity
Medium
Analysis Summary
AveMaria RAT, also known as WarzoneRAT, is a remote access trojan that targets Windows systems and gives an attacker unauthorized access to a victim's PC or allows covert surveillance of it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. AveMaria, like most malware, first arrives on systems through phishing emails (disguised as invoices and shipping orders), but it is also available on the dark web by subscription. This malware-as-a-service RAT is written in C++ and has been available for purchase since at least 2018.
Impact
- Unauthorized Access
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.