Reverse Engineering new MacSync Variant - macOS Stealer
Author: L0psec Reversing
Uploaded: 2025-10-30
Views: 1211
Description:
In this video, I reverse engineer a new MacSync stealer. This was shared with me by malwarehunterteam :) and resulted in the discovery of a new variant. This sample leverages XOR encoding to prevent detection, so I cover how to make sense of the encoding using arm64 instructions and how to script a quick decode of strings. I also spend a moment covering the curl API usage and how you can make your life easier by importing header files (thanks Noar for teaching me this) in Binary Ninja. :)
Link for anyone that wants to download the sample and follow along:
https://bazaar.abuse.ch/sample/b9ef06...