Analyzing the Mekotio Trojan
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
This analysis examines the Mekotio Trojan, a sophisticated malware that uses a PowerShell dropper to execute its payload. The dropper relies on obfuscation techniques, such as custom XOR decryption, to conceal its operations. It collects system information, communicates with a command-and-control server to retrieve additional payloads, and ensures persistence through system modifications. The main payload consists of executable and script files used for malicious activities.
OPENCTI LABELS:
powershell, malware, trojan, obfuscation, persistence, mekotio trojan