ATM Malware JackPot v2

#31872 by areverser
Sun Jul 22, 2018 3:23 am

Finally i found it :) after amazing way :D

VT : https://www.virustotal.com/#/file/c3a5c ... /detection

Seller Website : hxtps://cutletv2.cf/media.php

Username

areverser

Posts

3

Joined

Sat Jul 21, 2018 4:49 am

Re: ATM Malware JackPot v2

#31886 by frank_boldewin
Tue Jul 24, 2018 9:48 am

Does the sample work for you?
On my machines it always crashes.

Username

frank_boldewin

Posts

116

Joined

Thu Apr 22, 2010 8:59 am

Location

germany

Contact

Re: ATM Malware JackPot v2

#31894 by areverser
Tue Jul 24, 2018 1:23 pm

Yes, ofcourse did you have same sample ? or other sample ?

Username

areverser

Posts

3

Joined

Sat Jul 21, 2018 4:49 am

Re: ATM Malware JackPot v2

#32071 by oilen
Fri Aug 31, 2018 7:21 am

Hi All,
thank you so much for the sample. I was able to use it with success. The SW is active and does it's job if properly used. It is designed for a specific SW vendor and it runs on all Vendor HW ATM versions that have the base installed. It will also run on any other ATM HW from other manufacturers but where the SW vendor base is installed and used for HW communication. SW connects directly to vendor libraries, bypassing XFS classic libraries. It is capable of direct control of dispensers and it shows deep knowledge of vendor platform.
More to follow,
JD

Username

oilen

Posts

6

Joined

Mon Sep 14, 2015 11:50 pm

Re: ATM Malware JackPot v2

#32091 by areverser
Tue Sep 04, 2018 6:22 pm

Interesting text, but after analyzing i found it just exploit old type of ATMs cash out money just by using XFS classic, Cashout Dispenser

Username

areverser

Posts

3

Joined

Sat Jul 21, 2018 4:49 am

Re: ATM Malware JackPot v2

#32092 by oilen
Tue Sep 04, 2018 11:35 pm

Depends on the version you analyze. Because of the sensitivity of the subject i cannot name exactly what and how it attacks but if you have the latest SW versions of the vendor software you will be surprised that it works on those versions too including 4.0 and 4.1. The specific vendor we are talking about has two layers of SW in order to connect to the actual HW device. The latest version of Cutlet uses a lower layer because that is the one it looks for first.

Username

oilen

Posts

6

Joined

Mon Sep 14, 2015 11:50 pm

Re: ATM Malware JackPot v2

#32169 by gelek
Thu Oct 04, 2018 7:12 am

oilen wrote: ↑Tue Sep 04, 2018 11:35 pm Depends on the version you analyze. Because of the sensitivity of the subject i cannot name exactly what and how it attacks but if you have the latest SW versions of the vendor software you will be surprised that it works on those versions too including 4.0 and 4.1. The specific vendor we are talking about has two layers of SW in order to connect to the actual HW device. The latest version of Cutlet uses a lower layer because that is the one it looks for first.

do you have jabber?

Username

gelek

Posts

1

Joined

Thu Oct 04, 2018 7:08 am

Re: ATM Malware JackPot v2

#32214 by oilen
Tue Oct 30, 2018 4:09 am

nope. send me a PM if you need more info

Username

oilen

Posts

6

Joined

Mon Sep 14, 2015 11:50 pm