Challenge - macOS Malware
Tackling another Lets Defend challenge, this time the MEDIUM DIFFICULTY "macOS Malware" challenge. We are given a 7zip-compressed file containing the macOS malware sample and a Windows VM to analyze it in, and we have to answer 8 questions.

Challenge description:

"Mac StealthWare has recently emerged as a new and formidable threat in the world of MacOS security. Unlike typical malware, Mac StealthWare is highly sophisticated and uses advanced evasion techniques to avoid detection by traditional security measures. The malware is typically distributed through malicious email attachments, fake software updates, or compromised websites. Unsuspecting users inadvertently download and run the malware, believing it to be legitimate software."

MALWARE:
https://www.virustotal.com/gui/file/66256af9596907e38fb56fee9cdd3316df26df505df816ab3f44b8627a672469?nocache=1
https://tria.ge/231228-hspfxsdca4
https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version
https://www.bitdefender.com/blog/labs/when-stealers-converge-new-variant-of-atomic-stealer-in-the-wild/
https://cyble.com/blog/uncovering-atomic-stealer-amos-strikes-and-the-rise-of-dead-cookies-restoration/
https://blog.kandji.io/amos-macos-stealer-analysis

NOTES:
https://www.varonis.com/blog/how-to-use-ghidra
https://medium.com/@acheron2302/ghidra-tutorial-in-reverse-engineering-for-window-absolute-begineer-302ba7d810f
https://hex-rays.com/products/ida/support/tutorials/
https://infosecwriteups.com/reverse-engineering-a-binary-with-ida-free-346cab16be9f