Rewterz Threat Alert – WannaCry Ransomware – Active IOC
August 17, 2022
Severity
Medium
Analysis Summary
AveMaria RAT, also known as WarzoneRAT, is a remote access trojan that targets Windows systems and gives an attacker unauthorized access to a victim’s PC or the ability to covertly surveil it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. Like most malware, AveMaria first arrives on systems through phishing emails (disguised as invoices and shipping orders), but it is also available on the dark web by subscription. This malware-as-a-service RAT is written in C++ and has been available for purchase since at least 2018.
Impact
- Unauthorized Access
Indicators of Compromise
URL
http[:]//212[.]192[.]246[.]234/Spread/upnp_enc[.]exe
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.