August 24, 2022
Severity
Medium
Analysis Summary
AveMaria RAT, also known as WarzoneRAT, is a remote access trojan targeting Windows systems that gives an attacker unauthorized access to a victim's PC and allows covert surveillance of it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. Like most malware, AveMaria first arrives on systems through phishing emails (posing as invoices and shipping orders), but it is also sold on the dark web by subscription. This malware-as-a-service RAT, written in C++, has been available for purchase since at least 2018.
Impact
- Unauthorized Access
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
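Added example (not part of the Rewterz alert) for the second remediation step: a small Python sweep that parses indicators in the layout these alerts use (type headers followed by defanged values), refangs the IP, and hashes files against the MD5, SHA-1 and SHA-256 sets. The sample alert text and its hash values are constructed for the test (they are the digests of the string "abc"), not this alert's indicators.

```python
import hashlib
import re
from pathlib import Path

# Constructed sample in the alert layout: a defanged IP and hashes grouped
# under type headers. The digests are those of the string "abc", used only
# as test values; they are NOT indicators from the Rewterz alert.
SAMPLE_ALERT = """\
IP
192[.]0[.]2[.]10
MD5
- 900150983cd24fb0d6963f7d28e17f72
SHA-256
- ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
SHA-1
- a9993e364706816aba3e25717850c26c9cd0d89d
"""

HASH_KIND = {32: "md5", 40: "sha1", 64: "sha256"}  # hex length -> algorithm
DIGESTS = (("md5", hashlib.md5), ("sha1", hashlib.sha1), ("sha256", hashlib.sha256))

def refang(value: str) -> str:
    """Turn a defanged indicator such as 1[.]2[.]3[.]4 back into 1.2.3.4."""
    return value.replace("[.]", ".").replace("hxxp", "http")

def parse_iocs(text: str) -> dict:
    """Bucket indicators by kind. Hashes are classified by hex length, so a
    mislabelled section header cannot put a SHA-1 into the MD5 set."""
    iocs = {"ip": set(), "md5": set(), "sha1": set(), "sha256": set()}
    for raw in text.splitlines():
        token = refang(raw.strip().lstrip("- ").strip())
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", token):
            iocs["ip"].add(token)
        elif re.fullmatch(r"[0-9a-fA-F]+", token) and len(token) in HASH_KIND:
            iocs[HASH_KIND[len(token)]].add(token.lower())
    return iocs

def hash_matches(data: bytes, iocs: dict) -> list:
    """Digest one buffer with all three algorithms; return the kinds that hit."""
    return [kind for kind, fn in DIGESTS if fn(data).hexdigest() in iocs[kind]]

def sweep(root: Path, iocs: dict) -> list:
    """Report (path, matched kinds) for every file under root whose digest is listed."""
    hits = []
    for path in root.rglob("*"):
        if path.is_file():
            kinds = hash_matches(path.read_bytes(), iocs)  # whole-file read; fine for small trees
            if kinds:
                hits.append((str(path), kinds))
    return hits
```

Call `sweep(Path("/dir/to/check"), parse_iocs(alert_text))` with the alert's IOC section as `alert_text`; the refanged IP set is for matching against proxy or firewall logs, not files.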