
Threat Analysis: DCRat presence growing in Latin America

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

Hive0131 is conducting email campaigns targeting users in Colombia with fake electronic notifications of criminal proceedings, purportedly from The Judiciary of Colombia. The campaigns deliver DCRat, a banking trojan operated as Malware-as-a-Service, through embedded links or PDF lures. DCRat's presence has increased in Latin America since 2024. The infection chain involves downloading a loader called VMDetectLoader, which uses process hollowing to inject DCRat into memory. VMDetectLoader can detect virtual machines and create persistence through scheduled tasks or registry keys. DCRat has various capabilities including recording victims, file manipulation, and keystroke logging. IBM X-Force assesses that Latin America will continue facing targeting from actors deploying banking trojans via phishing campaigns.

OPENCTI LABELS:

phishing, process hollowing, banking trojan, dcrat, maas, colombia, vmdetectloader


Open in the NetmanageIT OpenCTI public instance with the link below.


NOTE: Use the public read-only username and password shown in the login page banner.


Threat Analysis: DCRat presence growing in Latin America