Xyl2k Posted March 18, 2019 (edited)

Hi there,

With a few guys we made a zoo dedicated to malware targeting ATM platforms; as far as I know nobody has made a similar public project, so voila.

You will find here malware that specifically targets ATMs, and reports (notice) about them. Files of interest got harvested from kernelmode.info, but also VirusTotal and various other services and people interested in the project. I'm using binGraph, pedump, Python, bintext for the engine on reports.

Some samples exist in 'duplicate' on the wall (we also provide unpacks for a few files); if that is the case, it's mentioned on the report. We have hashes that are without references (I mean not associated with a white paper or something); those files are regrouped on the statistics page. We tried to make the stat page interesting enough for everyone to have fun exploring the zoo from the stats.

We have IoCs that others don't seem to have, e.g. the Kaspersky report about WinPot, which also led to a funny reaction from people selling it. No worry, everyone has it now.

We also have a page that includes some YARA rules for detecting some of these malware, and a page with goodies, voila! Everything provided in old skool style, intro also available! CyberCrime quality.

http://atm.cybercrime-tracker.net/

Feedback welcome, enjoy the ride! 💳🏧

Edited March 18, 2019 by Xyl2k

Xyl2k Posted May 11, 2019 (Author)

All samples have been pulled into hybrid-analysis.com sandboxes. Also, looks like we disturbed someone: http://atm.cybercrime-tracker.net/index.php?x=threat&hash=b57bc410683aba4c211e407320e6b7746ce25e06d81ddf480711228efd921a6c

Xyl2k Posted May 21, 2019 (Author)

I made a small tutorial (originally published on Training Circle forum) about keygenning a recent ATM malware sample that passed our gate. This is addressed to beginners.

keygenning.dispcash.19.tutorial.zip

Xyl2k Posted May 30, 2019 (Author)

Not from us this time but another interesting read, a review of the landscape.

10 years of virtual dynamite: A high-level retrospective of ATM malware