

Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs
August 15, 2022
Rewterz Threat Alert – Virlock Ransomware – Active IOCs
August 15, 2022
Severity
Medium
Analysis Summary
AveMaria RAT (aka WarzoneRAT) is a remote access trojan that targets Windows systems and provides the capability to gain unauthorized access to a victim’s PC or to covertly surveil it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. Like most malware, AveMaria first arrives on systems through phishing emails (disguised as invoices and shipping orders), and it is also available on the dark web by subscription. This malware-as-a-service RAT is written in C++ and has been available for purchase since at least 2018.
Impact
- Unauthorized Access
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.