PULSE NAME
Mekotio Banking Trojan Threatens Financial Systems in Latin America
WHITE AlienVault 2024-07-04 Modified: 2024-08-03
18 IOCs, MEDIUM VOLUME
The Mekotio banking trojan, active since 2015, primarily targets Latin American countries to steal sensitive banking credentials through phishing emails containing malicious links or attachments. Upon execution, it gathers system information, connects to a command-and-control server, performs credential theft and information gathering, and employs persistence mechanisms. The stolen data is sent back to the server for use in fraudulent activities. Users and organizations should follow security best practices to mitigate this threat.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Mekotio
Indicators of Compromise (5 / 18 total)