Rewterz Threat Alert – STOP/DJVU Ransomware – Active IOCs
July 26, 2022
Rewterz Threat Alert – RedLine Stealer – Active IOCs
July 26, 2022
Severity
Medium
Analysis Summary
AveMaria RAT – aka WarzoneRAT – is a remote access trojan that targets Windows systems and gives an attacker unauthorized access to a victim’s PC or covert surveillance of it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. Like most malware, AveMaria first arrives on systems through phishing emails (posing as invoices and shipping orders), but it is also sold on the dark web by subscription. This malware-as-a-service RAT is written in C++ and has been available for purchase since at least 2018.
Impact
- Unauthorized Access
Indicators of Compromise
MD5
- 79f4ef61d09cc28818a90ffdd80d338f
- 4a0d5722263bd34a44aa1fdfb6acfbdc
- 9575ca20619ee7b2c2a06d4bab883005
SHA-256
- e616c9cb9911bcc75db23046f1b0f6a9248114c64d25c1ab5971041c0dd11798
- 4ebaaa4a25e9b4ee3765bce5094e51a5e783a86a69597188c83d3f09cd9d4fa5
- 260937a104d6f0d58fd4e7b526af0290477216f0cdd1e6d38ccf55f33ca007e4
SHA-1
- f3de2ce04168a7e894dcd9a3e234819b9aba21e3
- 4e38214b6be32d4de78d91cba207a1ff22a84ffd
- c8d98cd5fdd6bc381bf607fc97499f2243f4fd74
URL
http[:]//208[.]67[.]105[.]179/ikmerozx[.]exe
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
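The two remediation steps above amount to hash-matching files and sweeping proxy or DNS logs for the listed URL. The script below is an added example of that sweep and is not Rewterz's tooling; it uses only the hashes and the defanged URL from this alert, and the proxy log lines it scans are constructed sample input in an assumed `timestamp client method url status` format, not real logs.

```python
"""Sweep a host for the AveMaria RAT IOCs listed in the alert above."""
import hashlib
import io
import sys
from pathlib import Path
from urllib.parse import urlsplit

# IOCs copied verbatim from the alert (lower-cased so comparison is case-insensitive).
IOC_HASHES = {
    "md5": {
        "79f4ef61d09cc28818a90ffdd80d338f",
        "4a0d5722263bd34a44aa1fdfb6acfbdc",
        "9575ca20619ee7b2c2a06d4bab883005",
    },
    "sha1": {
        "f3de2ce04168a7e894dcd9a3e234819b9aba21e3",
        "4e38214b6be32d4de78d91cba207a1ff22a84ffd",
        "c8d98cd5fdd6bc381bf607fc97499f2243f4fd74",
    },
    "sha256": {
        "e616c9cb9911bcc75db23046f1b0f6a9248114c64d25c1ab5971041c0dd11798",
        "4ebaaa4a25e9b4ee3765bce5094e51a5e783a86a69597188c83d3f09cd9d4fa5",
        "260937a104d6f0d58fd4e7b526af0290477216f0cdd1e6d38ccf55f33ca007e4",
    },
}
DEFANGED_URL = "http[:]//208[.]67[.]105[.]179/ikmerozx[.]exe"


def refang(ioc: str) -> str:
    """Undo the usual defanging so the indicator matches what logs actually contain."""
    return ioc.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http")


IOC_URL = refang(DEFANGED_URL)
IOC_HOST = urlsplit(IOC_URL).hostname          # the payload host on its own
IOC_FILENAME = IOC_URL.rsplit("/", 1)[-1]      # the dropped executable name
NETWORK_INDICATORS = [IOC_URL, IOC_HOST, IOC_FILENAME]  # most specific first


def digest_stream(stream) -> dict:
    """Compute MD5, SHA-1 and SHA-256 in one pass over a binary stream."""
    hashers = {
        "md5": hashlib.md5(usedforsecurity=False),
        "sha1": hashlib.sha1(usedforsecurity=False),
        "sha256": hashlib.sha256(),
    }
    for chunk in iter(lambda: stream.read(1 << 20), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> dict:
    return digest_stream(io.BytesIO(data))


def hash_file(path) -> dict:
    with open(path, "rb") as f:
        return digest_stream(f)


def match_hashes(digests: dict) -> list:
    """Return the algorithms whose digest is on the IOC list (empty list = clean)."""
    return sorted(algo for algo, value in digests.items()
                  if value.lower() in IOC_HASHES.get(algo, set()))


def scan_files(root) -> list:
    """Walk a directory and report every file whose hash appears in the alert."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file():
            matched = match_hashes(hash_file(path))
            if matched:
                hits.append((str(path), matched))
    return hits


def scan_log_lines(lines) -> list:
    """Report (line number, indicator, line) for lines mentioning the C2/payload URL."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        lowered = line.lower()
        for indicator in NETWORK_INDICATORS:
            if indicator.lower() in lowered:
                hits.append((lineno, indicator, line))
                break
    return hits


# Constructed sample proxy log (assumed format; not from the alert or any real environment).
SAMPLE_PROXY_LOG = [
    "2022-07-26T09:14:02Z 10.0.0.12 GET http://example.com/index.html 200",
    "2022-07-26T09:15:40Z 10.0.0.12 GET http://208.67.105.179/ikmerozx.exe 200",
    "2022-07-26T09:16:01Z 10.0.0.33 GET http://updates.example.org/patch.msi 304",
]

if __name__ == "__main__":
    for lineno, indicator, line in scan_log_lines(SAMPLE_PROXY_LOG):
        print(f"log line {lineno}: matched {indicator!r}")
    if len(sys.argv) > 1:
        for path, algos in scan_files(sys.argv[1]):
            print(f"{path}: hash match on {', '.join(algos)}")
```

Run with a directory argument (e.g. a user's Downloads folder) to hash every file against the list; matching on the bare host and on the dropped filename, not only the full URL, catches log entries where the path was rewritten or only DNS data is available.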