

Severity
Medium
Analysis Summary
AveMaria RAT, also known as WarzoneRAT, is a remote access trojan that targets Windows systems. It provides the capability to gain unauthorized access to a victim's PC or to carry out covert surveillance of it. It acts as a keylogger, can steal passwords, escalate privileges, and much more. Like most malware, AveMaria first arrives on systems through phishing emails (disguised as invoices and shipping orders), and it is also available on the dark web by subscription. This malware-as-a-service RAT is written in C++ and has been available for purchase since at least 2018.
Recently, AveMaria RAT was observed directing its most recent spam campaign at Ukraine, with the email subject: Iнформацiя про спiвробiтникiв 2022. (Information about employees 2022.)
The email contains 4 LNK files and 3 decoy documents.
Impact
- Unauthorized Access
Indicators of Compromise
MD5
- 44146555cf092feeb28dc749aa351396
SHA-256
- e109998197b6aebfe80586cb566e21c280fcece7f706bdc9f4b806e72fb50a26
SHA-1
- 27fabc5ed4aba8f30366873879f2ed997db93bf6
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.