
Analyzing the Mekotio Trojan

Aug. 30, 2024, 8:37 a.m.

Description

The analysis examines the Mekotio Trojan, a sophisticated malware family that uses a PowerShell dropper to execute its payload. The dropper hides its behaviour behind obfuscation, including a custom XOR decryption routine. It collects system information, contacts a command-and-control server to fetch additional payloads, and establishes persistence through system modifications. The main payload consists of executable and script files used to carry out the malicious activity.

Date

Published: Aug. 30, 2024, 8:14 a.m.

Created: Aug. 30, 2024, 8:14 a.m.

Modified: Aug. 30, 2024, 8:37 a.m.

Indicators

65025475c24f4647b6140cbeced6899f8958f1c72ec17ee24816aa35d1a5639e

50.62.182.1

Attack Patterns

Mekotio Trojan

T1064

T1059.001

T1547.001

T1005

T1082

T1083

T1071

T1041