AveMariaRAT, as its name says, is a modular RAT with an advanced design. When it was first discovered, researchers believed that the malware was quite simple and would not follow the story of Ryuk ransomware. Further analysis, however, revealed that it has advanced features under the hood, such as privilege escalation and remote camera control.

AveMaria is capable of stealing a wide range of data from infected machines. Even well-protected information is not secure: credentials stored in Mozilla Firefox, for example, can be stolen despite the PK11 encryption used to protect them.

However, some parts of the malware appear to be unfinished, and it seems that the authors are still working to expand its functionality. Considering how effective this RAT already is, this can be concerning. Unfortunately, the malware is also capable of avoiding detection on many target machines, which can further complicate things.

Currently, this threat is being delivered through phishing aimed at Windows users, who are infected with the AveMariaRAT malware by opening what appears to be an Excel file. That is not all: the attack also infects them with BitRAT and PandoraHVNC.

This threat is fairly new and, at this time, there is limited information about the Ave Maria RAT. All the more reason to use the advanced features provided by the ANY.RUN malware search service to analyze and dissect the available samples. Unfortunately, we must admit that we are likely to hear about this malware again, and the more prepared we are, the better.

