Rewterz Threat Alert – AveMaria RAT – Active IOCs

Severity

High

Analysis Summary

AveMaria RAT – aka WarzoneRAT – is a remote access trojan that targets Windows systems that provides the capability to gain unauthorized access to a victim’s PC or allow covert surveillance of it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. AveMaria, like most malware, first arrives at systems as a result of phishing emails (as invoices and shipping orders), but is also available on the dark web for subscriptions. This malware-as-a-service RAT is written in C++ that has been available for purchase since at least 2018

Impact

• Password & identity theft
• Data Exfiltration
• Information Theft

Indicators of Compromise

MD5

• 1b3d01265bd68ad96a38966e4f8526f6
• a28a8c381f7460d2a35f10186ca34dd6
• 72a6aa16947a6b0a491cba700e6b47d5
• d8c168266888261dc783a5b141c4b1fb
• a4e060ebd5bb75b17e61e711c97b8ec0

SHA-256

• b320fa114a23a5a628f5e3bda3a287fe38a925c24141f6acbb3737ebd8ddfcf7
• a43a0cacbfaf5aa649acc0d29ce25855ea92c50af2729f30c5f2ecfad376ef4d
• a4a1163ee346e765b3903a0f23d5a28c4df49872198bd79866ab6dd54e36d423
• 97bb73a7c678dc8cf65ad807b2915efdd8f16d7cffe5520511425bb1c42ecbfb
• 0c904d84b3edcea793d00182f0a98d0d39ece6920fa6d685b1dbf26d9cce054e

SHA-1

• c7db1a071b9860dbfce0eeb39ed79e1c0ee5832b
• 0ea66a29cca600bdd91f3505884d74dd7df09d9f
• 02b85edb22023481d08da1386db051385432c303
• c5d6a9a6bca2cb6c9db40c62c6f2ec302b916c13
• 1b4ae0ef24fb82fdda481a556ee48b158b7232aa

Remediation

• Block all threat indicators at your respective controls.
• Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
• Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.