Rewterz Threat Alert – AveMaria RAT – Active IOCs

Severity

Medium

Analysis Summary

AveMaria RAT – aka WarzoneRAT – is a remote access trojan that targets Windows systems that provides the capability to gain unauthorized access to a victim’s PC or allow covert surveillance of it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. AveMaria, like most malware, first arrives at systems as a result of phishing emails (as invoices and shipping orders), but is also available on the dark web for subscriptions. This malware-as-a-service RAT is written in C++ that has been available for purchase since at least 2018.

Impact

• Unauthorized Access

Indicators of Compromise

MD5

• 0c2a145c133fa0a00abc2ddc472a5b46
• 20a94c1150550772013e971f6151ba46
• 953d07805442896fe9f5698a0e2e942c
• 95221b128e2ea58c86fb21b321b1dc03
• 62243d187e189f1f193b7ebb99d45a8f
• f034363ae1a5c32124e809f18b3cceea
• 73e1ab13d800e7d474a00b8358748fce
• 6fe5939a4a600e12921d7b22b381f7b3

SHA-256

• fbc82a6d085f7bf19959040ca3f5f6445c3b3d12b0f7af0ec8fcd85663a2e931
• 6f178549e4142e5c18653b7b0391b1e5025b320420a52eae4cfe74a83ea73e96
• cb9db1a34e9db61f443aedf69b1cc605ef088b1e38d990cce2115f10d4b057c4
• d83aa0f6cae89cd0af385215ba7b08b997f876a1c87b60a14ff05fe1e1dccb8a
• 933aa9ff331533ee82a1d70637f87f67df0e2510799f30e0bab35bc75c0a48d0
• 81d0a8bc64c38faae2f075becf4ddb2f41d8c3539d25ba2e9cbefc48e945d76c
• 4c80b15f618430bbdf83f50f013a96c559f99effbfb0a8812f10bfddd086064b
• 72b22fc9be1cc59b6b8677642a4803eeeadebe06987b78db80e5149de5f7f44b

SHA-1

• 4aae6010f1f864403389bf5bbd2632ad8b53925d
• bd86e36a5035778229a2daebc94e006e293f436b
• 2d784e35df6b9ab6e70feab8eaa2b9ac9582a0a9
• a01027a00b163f4f0d77b4adf74a5b5a8ecc8315
• 2cfa0c2693e99a3d646e214cce0c7177c21b4b19
• c7743f95aee8a5b99fc5431719998c43e4773943
• 5e4fc3d85aad55759178396aafc977ca5a632808
• 3de1d7d51d99e04e0e45a963ebff0a83a0581573

Remediation

• Block all threat indicators at your respective controls.
• Search for IOCs in your environment.