Rewterz Threat Alert – IcedID banking Trojan – Active IOCs
September 14, 2022
Rewterz Threat Alert – KONNI APT Group – Active IOCs
September 14, 2022Rewterz Threat Alert – IcedID banking Trojan – Active IOCs
September 14, 2022Rewterz Threat Alert – KONNI APT Group – Active IOCs
September 14, 2022Severity
Medium
Analysis Summary
AveMaria RAT, also known as WarzoneRAT, is a remote access trojan that targets Windows systems and gives an attacker unauthorized access to a victim’s PC or allows covert surveillance of it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. Like most malware, AveMaria first arrives on systems through phishing emails (disguised as invoices and shipping orders), and it is also available on the dark web by subscription. This malware-as-a-service RAT is written in C++ and has been available for purchase since at least 2018.
Impact
- Unauthorized Access
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.