

Rewterz Threat Advisory – CVE-2022-38019 – Microsoft Windows AV1 Video Extension Vulnerability
September 18, 2022
Rewterz Threat Alert – Snake Keylogger’s Malware – Active IOCs
September 18, 2022
Severity
Medium
Analysis Summary
AveMaria RAT, also known as WarzoneRAT, is a remote access trojan that targets Windows systems and provides the capability to gain unauthorized access to a victim's PC or to conduct covert surveillance of it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. Like most malware, AveMaria first arrives on systems through phishing emails (disguised as invoices and shipping orders), and it is also available on the dark web by subscription. This malware-as-a-service RAT is written in C++ and has been available for purchase since at least 2018.
Impact
- Unauthorized Access
Indicators of Compromise
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.