Hive0147 serving juicy Picanha with a side of Mekotio

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY :

IBM X-Force observed Hive0147, a highly active threat group in Latin America, distributing a new Golang-based downloader, Picanha, to deploy the Mekotio banking trojan. Picanha is a two-stage downloader that uses direct syscalls, supports multiple download URLs, encrypts its payloads, and executes the next stage in memory. Mekotio is a Delphi-based banking trojan that targets banking applications across Latin America; it presents fake login windows, manipulates QR codes, and steals credentials. The malware establishes persistence, enumerates the system, and resolves its command-and-control servers with a domain generation algorithm (DGA). Hive0147's operations illustrate the evolving threats facing Latin America's growing digital landscape.
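The report notes that Mekotio resolves its C2 servers through a DGA, but this page does not describe the algorithm, so the malware's own domains cannot be reproduced here. What a defender can still do is hunt for DGA-like lookups in DNS telemetry. The following is an added example written for this page, not code from IBM X-Force or the malware: a heuristic that flags queries whose registrable label is long, high-entropy and vowel-poor. The log format, thresholds and sample domains are all assumptions constructed for illustration and are not Mekotio indicators.

```python
"""Heuristic DGA-style domain detector (added example, not from the X-Force report).

Mekotio's real DGA is not described on this page. This flags DNS queries whose
registrable label looks machine-generated: long, high character entropy, and
few vowels. Every sample below is constructed; none is a real indicator.
"""
import math
from collections import Counter

# Constructed DNS log, assumed format: "<timestamp> <client-ip> <qname>".
SAMPLE_DNS_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 www.google.com
2024-01-01T10:00:02Z 10.0.0.5 login.microsoftonline.com
2024-01-01T10:00:03Z 10.0.0.7 xk3qzv9tpwl7bdn2mr.com
2024-01-01T10:00:04Z 10.0.0.7 qw8rtzp0mvx4ln2kjb6.net
2024-01-01T10:00:05Z 10.0.0.9 mail.bancoexemplo.com.br
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registrable_label(qname: str) -> str:
    """Return the label the registrant chose, e.g. 'example' in a.example.com.

    Simplified public-suffix handling: a short label directly under a
    two-letter ccTLD (com.br, co.uk) is treated as part of the suffix.
    """
    parts = qname.lower().rstrip(".").split(".")
    if len(parts) >= 3 and len(parts[-2]) <= 3 and len(parts[-1]) == 2:
        return parts[-3]
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_generated(qname: str, min_len: int = 12, min_entropy: float = 3.5,
                    max_vowel_ratio: float = 0.25) -> bool:
    """True when the registrable label exceeds all three DGA-style thresholds.

    Thresholds are assumed starting points; tune them against your own
    baseline of legitimate traffic before alerting on them.
    """
    label = registrable_label(qname)
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return shannon_entropy(label) >= min_entropy and vowel_ratio <= max_vowel_ratio


def flag_dga_queries(log_text: str) -> list[tuple[str, str]]:
    """Scan log lines and return (client_ip, qname) pairs that look generated."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line; skip rather than crash the hunt
        client_ip, qname = fields[1], fields[2]
        if looks_generated(qname):
            hits.append((client_ip, qname))
    return hits


if __name__ == "__main__":
    for client_ip, qname in flag_dga_queries(SAMPLE_DNS_LOG):
        print(f"possible DGA lookup from {client_ip}: {qname}")
```

On the constructed log, only the two random-looking labels are flagged; the brand-name domains fail on length, entropy or vowel ratio. Such a heuristic is a triage filter, not an attribution signal: CDN hostnames and some legitimate services also produce random-looking labels, so correlate hits with process, parent and persistence telemetry before treating them as Mekotio activity.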

OPENCTI LABELS :

malware,trojan,banking,mekotio,downloader,banker.fn,picanha
