Rewterz Threat Alert – Dridex Banking Trojan – Active IOCs
August 3, 2022
Rewterz Threat Alert – STOP/DJVU Ransomware – Active IOCs
August 3, 2022
Severity
Medium
Analysis Summary
AveMaria RAT, also known as WarzoneRAT, is a remote access trojan that targets Windows systems and provides the capability to gain unauthorized access to a victim’s PC or to conduct covert surveillance of it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. AveMaria, like most malware, first arrives on systems through phishing emails (disguised as invoices and shipping orders), and it is also available on the dark web by subscription. This malware-as-a-service RAT is written in C++ and has been available for purchase since at least 2018.
Impact
- Unauthorized Access
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.