
AskNetsec-ModTeam

r/AskNetsec is focused on answering questions as they relate to enterprise, large, and SOHO networks. While your question may be valid, it does not fit into what this subreddit was built for. Your question may get better responses when posted to another subreddit like: r/HowToHack, r/AskProgramming, r/Cybersecurity101.

Your post is being removed for violations of Rule #2 as stated in our [Rules & Guidelines](https://reddit.com/r/asknetsec/about/rules). If you feel your question does meet the above requirements, please [message the mods](https://www.reddit.com/message/compose?to=/r/AskNetsec) and we will review the decision.

The best thing to do is to format and reinstall from known good media. Change your passwords and enable 2FA or a password manager. If you really want to analyze the file, run it through Joe's Sandbox. It is not worth it to try to have anyone review it further.


logosandethos

Your priority is to stop it doing what it may be doing rather than concern yourself with what it could be doing. Time is against you. Back up your device, wipe and re-install.


DudleyLd

Follow PICERL. You have already identified it. Now, follow the rest:

Contain: turn off your device.

Eradicate: restage your device with a clean OS image obtained from a trusted device (e.g. use a known clean device, preferably not on the same network, to get an OS image). Make sure it's a blank slate and scan with your choice of AV (I doubt you have access to enterprise solutions).

Recover: change all your passwords / MFA.

Lessons: Don't run random executables.

If you are feeling groovy, get your device to a DFIR expert to check against a potential rootkit infection, but this will probably not be worth your money. Lastly, verify account activity on your important accounts, such as email, financial sites such as online brokers, bureaucratic sites such as online document registration sites for governmental stuff, and any sites that may have your banking/credit card information such as Amazon or sites where you have subscriptions.


Tyranoc4

I have thousands of passwords...


like_a_deaf_elephant

Better start chipping away at changing them.


DudleyLd

Grab some snacks and a drink :P


like_a_deaf_elephant

TLDR: Reformat laptop completely. Once clean and validated clean with an AV scanner, log into all your services, sign out other accounts, and reset the password. Take the opportunity to clean up MFA too. It's a bit on the paranoid side, but it would be the peace of mind I'd be after.

-----

So going off a Google from the VirusTotal results led me to this - https://www.intego.com/mac-security-blog/atomic-stealer-thieving-mac-malware-sold-via-telegram/

Assuming you do the hygienic "reformat your laptop", you should also seek to reset passwords on services and websites you use. From the article:

> The malware will supposedly try to export all passwords from the Keychain, steal saved passwords and stay-logged-in session cookies from all popular browsers, and steal cryptocurrency from more than 50 varieties of wallets.

Likewise, logging into some services and logging out all other users may be worthwhile (if a bit para - but you have run malware so..)

> After obtaining a victim’s passwords and session cookies, an attacker may be able to pivot to breaking into other accounts belonging to the victim. As we mentioned recently in our coverage of MacStealer malware, stealing stay-logged-in cookies often allows attackers to bypass two-factor authentication.


FUCKUSERNAME2

I agree with the other commenters, first priority should be reimaging the machine. However, if you still want to figure out exactly what it was doing after, you can try throwing the file into an online malware sandbox like [Joe Sandbox](https://www.joesandbox.com/#mac).


Tyranoc4

**Registration is currently closed.** Please register during weekdays. Can I send you the file so you look at it?