Study of the Mekotio analysis

Posted date 15/04/2021

This study undertakes a detailed technical analysis of the threat, working from a sample of malicious code belonging to the Mekotio family, with the main aim of identifying the actions this software carries out, using the set of tools employed by this team of analysts.

This study focuses on the banking Trojan Mekotio, which is specifically designed to target users of banking or cryptocurrency services. Since it was first detected in Spain, in March 2018, its code and functionality have been developed and adapted, always keeping the financial sector as its main target, and it has been used in a high-impact malware distribution campaign in Spain since the beginning of 2021.

An IOC rule and a YARA rule are also provided with this analysis to help detect samples belonging to the Mekotio family.

The technical report includes:

  • General information.
  • Summary of actions.
  • Detailed analysis.
  • Anti-detection and anti-reverse engineering techniques.
  • Persistence.