Rewterz Threat Alert – AveMaria RAT – Active IOCs

Severity

Medium

Analysis Summary

AveMaria RAT, also known as WarzoneRAT, is a remote access trojan targeting Windows systems that gives an attacker unauthorized access to a victim's PC and the ability to covertly surveil it. It acts as a keylogger, steals passwords, escalates privileges, and more. Like most malware, AveMaria usually arrives via phishing emails (posing as invoices and shipping orders), but it is also sold on the dark web by subscription. This malware-as-a-service RAT is written in C++ and has been available for purchase since at least 2018.

Impact

  • Unauthorized Access

Indicators of Compromise

MD5


SHA-256


SHA-1


Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.