216.73.216.174

Threat Analysis: DCRat presence growing in Latin America

· Published 06/06/2025 11:02 · Modified 08/06/2025 16:55

Export JSON

Essential information

Published
06/06/2025 11:02
Modified
08/06/2025 16:55
Tags
2025-06-06 banking trojan colombia dcrat maas phishing process-hollowing vmdetectloader
Related entities
3 observables, 1 intrusion sets (apt), 15 techniques (mitre), 3 others

Description

Hive0131 is conducting email campaigns targeting users in with fake electronic notifications of criminal proceedings, purportedly from The Judiciary of . The campaigns deliver , a operated as Malware-as-a-Service, through embedded links or PDF lures. 's presence has increased in Latin America since 2024. The infection chain involves downloading a loader called , which uses process hollowing to inject into memory. can detect virtual machines and create persistence through scheduled tasks or registry keys. has various capabilities including recording victims, file manipulation, and keystroke logging. IBM X-Force assesses that Latin America will continue facing targeting from actors deploying banking trojans via campaigns.

External references