DCRAT Impersonating the Colombian Government
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A new email campaign distributing DCRAT, a Remote Access Trojan, has been uncovered. The threat actor impersonates a Colombian government entity to target organizations in Colombia. The attack employs multiple evasion techniques, including password-protected archives, obfuscation, steganography, base64 encoding, and multiple file drops. DCRAT features a modular architecture, comprehensive surveillance capabilities, information-theft functions, system-manipulation tools, file and process management, and browser credential harvesting. The attack chain begins with a phishing email carrying a ZIP attachment that contains a .bat file; the .bat file drops an obfuscated .vbs file, which eventually runs a base64-encoded script that downloads and executes the final payload. The RAT uses several persistence mechanisms and anti-analysis techniques: it attempts to bypass the Windows Antimalware Scan Interface (AMSI) and continuously retries its connection to the command-and-control server.
OPENCTI LABELS:
phishing, dcrat, remote access trojan, obfuscation, steganography, persistence, credential harvesting, colombia