ATM Malware JackPot v2

Forum for analysis and discussion about malware.
areverser
Posts: 3
Joined: Sat Jul 21, 2018 4:49 am

ATM Malware JackPot v2

Post by areverser » Sun Jul 22, 2018 3:23 am

Finally I found it :) after amazing way :D

VT : https://www.virustotal.com/#/file/c3a5c ... /detection

Seller Website : hxtps://cutletv2.cf/media.php

frank_boldewin
Posts: 116
Joined: Thu Apr 22, 2010 8:59 am
Location: germany

Re: ATM Malware JackPot v2

Post by frank_boldewin » Tue Jul 24, 2018 9:48 am

Does the sample work for you?
On my machines it always crashes.

areverser
Posts: 3
Joined: Sat Jul 21, 2018 4:49 am

Re: ATM Malware JackPot v2

Post by areverser » Tue Jul 24, 2018 1:23 pm

Yes, of course. Did you have the same sample, or another sample?

oilen
Posts: 5
Joined: Mon Sep 14, 2015 11:50 pm

Re: ATM Malware JackPot v2

Post by oilen » Fri Aug 31, 2018 7:21 am

Hi All,
Thank you so much for the sample. I was able to use it with success. The SW is active and does its job if properly used. It is designed for a specific SW vendor and it runs on all Vendor HW ATM versions that have the base installed. It will also run on any other ATM HW from other manufacturers but where the SW vendor base is installed and used for HW communication. SW connects directly to vendor libraries, bypassing XFS classic libraries. It is capable of direct control of dispensers and it shows deep knowledge of vendor platform.
More to follow,
JD

areverser
Posts: 3
Joined: Sat Jul 21, 2018 4:49 am

Re: ATM Malware JackPot v2

Post by areverser » Tue Sep 04, 2018 6:22 pm

Interesting text, but after analyzing I found it just exploits old types of ATMs, cashing out money just by using XFS classic, Cashout Dispenser

oilen
Posts: 5
Joined: Mon Sep 14, 2015 11:50 pm

Re: ATM Malware JackPot v2

Post by oilen » Tue Sep 04, 2018 11:35 pm

Depends on the version you analyze. Because of the sensitivity of the subject I cannot name exactly what and how it attacks, but if you have the latest SW versions of the vendor software you will be surprised that it works on those versions too, including 4.0 and 4.1. The specific vendor we are talking about has two layers of SW in order to connect to the actual HW device. The latest version of Cutlet uses a lower layer because that is the one it looks for first.

gelek
Posts: 1
Joined: Thu Oct 04, 2018 7:08 am

Re: ATM Malware JackPot v2

Post by gelek » Thu Oct 04, 2018 7:12 am

oilen wrote:
Tue Sep 04, 2018 11:35 pm
Depends on the version you analyze. Because of the sensitivity of the subject I cannot name exactly what and how it attacks, but if you have the latest SW versions of the vendor software you will be surprised that it works on those versions too, including 4.0 and 4.1. The specific vendor we are talking about has two layers of SW in order to connect to the actual HW device. The latest version of Cutlet uses a lower layer because that is the one it looks for first.

Do you have Jabber?

oilen
Posts: 5
Joined: Mon Sep 14, 2015 11:50 pm

Re: ATM Malware JackPot v2

Post by oilen » Tue Oct 30, 2018 4:09 am

Nope. Send me a PM if you need more info.
