Mekotio Banking Trojan Threatens Financial Systems in Latin America
WHITE AlienVault 2024-07-04 Modified: 2024-08-03
18 IOCs, MEDIUM VOLUME
The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, steals credentials, collects further information, and establishes persistence. The stolen data is sent back to the server and used for fraudulent activities. Users and organizations should follow security best practices to mitigate this threat.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Mekotio
Indicators of Compromise (2 / 18 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-MD5 | 3e4f3d7f962653220759a1169c3bad45 | MD5 of 1087b318449d7184131f0f21a2810013b166bf37 | 2024-07-04
FileHash-MD5 | 6c81cf6d72baffb7cfe0d62d8d17d5f4 | MD5 of ef22c6b4323a4557ad235f5bd80d995a6a15024a | 2024-07-04