Rewterz Threat Alert – AveMaria RAT – Active IOCs

Severity

Medium

Analysis Summary

AveMaria RAT – aka WarzoneRAT – is a remote access trojan that targets Windows systems that provides the capability to gain unauthorized access to a victim’s PC or allow covert surveillance of it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. AveMaria, like most malware, first arrives at systems as a result of phishing emails (as invoices and shipping orders), but is also available on the dark web for subscriptions. This malware-as-a-service RAT is written in C++ that has been available for purchase since at least 2018.

Impact

• Unauthorized Access

Indicators of Compromise

MD5

• ece05e1aec9dfb77b3234ab4e190b183
• ec2c3a978cd95ed154840e6f867bef83
• 52d3b58ba1e80df9022ab0f82daac3b4
• 130bce675ebb9e99f5d4a91471ec77f9
• 1c9a922fd63435814c53f782b4bd8cea

SHA-256

• fb0c8c51cb031639473192e009e6cda43ef082c536e80a53d0e35536fe58d660
• f878faf27bcedcd5fc0fea48f8207661b533b8a99e4877a76fb58c24dec1fd7b
• db7ae55889acaf911a51e86041854808d1a5e3f5cce5b35951fdbbec8616ca1f
• ccc638be92d0d857eb18e441e7272f1c2079b5f35ab1e56a62a72ce2c819745a
• 44cb8052bd5df93d25f6d62b1ff50ed1289fbed59aafcc51579df9f547caaf47

SHA-1

• 5d5a56dd072f090879699bd4cce64353548aabc0
• 77a7a9259b95b38dc24778ddf2594ab71b327125
• 19531c7843d4427c46691074da9e55b0e252adec
• 1b6079ef7f566c9ed1e494c5c0b5206799d1cf1b
• d27ead2d5bfdd3949b8560955598af1b8434c957

Remediation

• Block all threat indicators at your respective controls.
• Search for IOCs in your environment.