amosstealer | d1ef64c3be316b244b32106ded0a87b56b8e9d16db4923491f31d9d35b225a46 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Setup.dmg
Size

1.1MB
Sample

240819-w7p8nazbja
MD5

f3426d15d5caebf602f3b01137c418d2
SHA1

41184cdf783011bf1fb1ec76e30944244e935fb3
SHA256

d1ef64c3be316b244b32106ded0a87b56b8e9d16db4923491f31d9d35b225a46
SHA512

bbac667aef0c52c1bff2b26ddf6004b29d083e48631f5821175bd03484d5829b70ddeb513081f6b809301d56b406b48779c538038fd05a0d29a0ea4fa9f97e01
SSDEEP

24576:wiAw66srij/IvlbkmPjic5cTGZ7pQN7ql7x+QN+5R:wiAw6uwbkajicFZ9S7qJhgR

Score

10^/10

amosstealer evasion exfiltration macos stealer

Malware Config

Targets

- Target
  
  Setup.dmg
- Size
  
  1.1MB
- MD5
  
  f3426d15d5caebf602f3b01137c418d2
- SHA1
  
  41184cdf783011bf1fb1ec76e30944244e935fb3
- SHA256
  
  d1ef64c3be316b244b32106ded0a87b56b8e9d16db4923491f31d9d35b225a46
- SHA512
  
  bbac667aef0c52c1bff2b26ddf6004b29d083e48631f5821175bd03484d5829b70ddeb513081f6b809301d56b406b48779c538038fd05a0d29a0ea4fa9f97e01
- SSDEEP
  
  24576:wiAw66srij/IvlbkmPjic5cTGZ7pQN7ql7x+QN+5R:wiAw6uwbkajicFZ9S7qJhgR
Score

10^/10

amosstealer evasion exfiltration stealer
- AmosStealer
  A MacOS stealer.
  stealer amosstealer
- Identifies hardware specifics through system_profiler
- Exfiltration Over Alternative Protocol
  Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel.
  exfiltration
- File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces to indicate to what was done within a network and how. Removal of these files can occur.
  evasion
behavioral1
- Target
  
  Setup/Setup
- Size
  
  324KB
- MD5
  
  ba96a32a84a857265edb61672f114d61
- SHA1
  
  534fedb494895f5aacf5830b5e8b4f39f0a3a527
- SHA256
  
  8d146de40eb5419015e30bc466ba5924801748fd08782ffc83a33b49e1b76f5d
- SHA512
  
  4142581fe482a1d91bf74c34271f0af8f196977cb4241458f76378a25afbe8b2350aa8828768652bf72fb9768ded33549895421f8e7d2b65e541c21d26557b78
- SSDEEP
  
  3072:9EVmpSfmbC/KlPOHSHjki0hyNQdFZPiaLfYFTa+3aPsAi0hyNQdFZPiwu+XMFT:9ABhyGvZPiaLfQauaXBhyGvZPiwuMM
Score

10^/10

amosstealer exfiltration stealer
- AmosStealer
  A MacOS stealer.
  stealer amosstealer
- Identifies hardware specifics through system_profiler
- Exfiltration Over Alternative Protocol
  Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel.
  exfiltration
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Resource Forking

Indicator Removal

File Deletion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Exfiltration Over Alternative Protocol

Exfiltration Over Unencrypted Non-C2 Protocol

Impact

Tasks

static1

behavioral1

amosstealerevasionexfiltrationstealer

behavioral2

amosstealerexfiltrationstealer