Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities
August 3, 2022
Rewterz Threat Alert – IcedID banking Trojan – Active IOCs
August 4, 2022
Severity
Medium
Analysis Summary
AveMaria RAT, also known as WarzoneRAT, is a remote access trojan that targets Windows systems. It gives an attacker unauthorized access to a victim’s PC or allows covert surveillance of it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. Like most malware, AveMaria first arrives on systems through phishing emails (disguised as invoices and shipping orders), but it is also available on the dark web by subscription. This malware-as-a-service RAT is written in C++ and has been available for purchase since at least 2018.
Impact
- Unauthorized Access
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.