Analyzing the Mekotio Trojan

Aug. 30, 2024, 8:37 a.m.

Description

The analysis examines the Mekotio Trojan, a sophisticated malware family that uses a PowerShell dropper to execute its payload. The dropper relies on obfuscation techniques, such as custom XOR decryption, to conceal its operations. It collects system information, communicates with a command-and-control server to retrieve additional payloads, and establishes persistence through system modifications. The main payload consists of executable and script files used for the malware's malicious activities.

Date

  • Created: Aug. 30, 2024, 8:14 a.m.
  • Published: Aug. 30, 2024, 8:14 a.m.
  • Modified: Aug. 30, 2024, 8:37 a.m.

Indicators

  • 65025475c24f4647b6140cbeced6899f8958f1c72ec17ee24816aa35d1a5639e
  • 50.62.182.1

Attack Patterns