Making oRAT, Go

Presented at Objective by the Sea version 5.0 (2022), Oct. 7, 2022, 4:40 p.m. (25 minutes)

oRAT is a new piece of macOS malware, written in Go, belonging to a recently uncovered APT group, "Earth Berberoka". After first addressing challenges of reversing Go-based malware, we will provide the first comprehensive analysis of this intriguing threat …but not in the traditional way.

Rather we’ll highlight the creation of a custom command & control server that allowed us to uncover the malware’s full functionality, simply by asking the right questions!

Presenters:

  • Patrick Wardle - Founder, Objective-See Foundation
    Patrick Wardle is the founder of the Objective-See Foundation. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy.

    Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users.
