Hello, this is FoxEarPhile.
I recently learned about PLOUTUS-D; it is an ATM jackpotting program. This program's base language is Visual Basic 7.0 C++, and this program is very strong against ATM devices.
Below is analysis information about Diebold.exe. It may be of German origin.
Malwarebytes's MD5: C04A7CB926CCBF829D0A36A91EBF91BD
Malwarebytes's size: 198 kB
File type: Win32 executable file
File code size: 199168
Legal version: Copyright © 2015
Product version: 0.0.0.1
Previously unobserved features of Ploutus-D
It uses the Kalignite multivendor ATM Platform.
It could run on ATMs running the Windows 10, Windows 8, Windows 7 and XP operating systems.
It is configured to control Diebold ATMs.
It has a different GUI interface.
It comes with a Launcher that attempts to identify and kill security monitoring processes to avoid detection.
It uses a stronger .NET obfuscator called Reactor.
This is how Ploutus-D works...
1. Criminals gain physical access to ATM’s core CPU by means of breaking the top-box or using front-cover keys.
2. Once physical access is gained they leverage access to the USB ports or CDROM drive to infect the ATM with the malware. They also connect a standard keyboard to be able to operate it.
3. Ploutus-D contains an executable (AgilisConfigurationUtility.exe) and a Launcher (Diebold.exe). The executable can run as a standalone application or as a service installed by the Launcher, and will be controlled from the keyboard.
4. PLOUTUS-D runs in the background waiting for a combination of keystrokes to activate and take control of the ATM. It then displays a custom GUI asking for an authorization code, to guarantee control of the mule.
5. If authorization is granted, PLOUTUS-D displays details of how much money is available on each cash cassette and uses Kalignite’s XFS components to interact with the ATM dispenser, allowing the cybercriminal to issue multiple dispensing commands to empty the cash.
6. Activation and dispensing codes can be sent to PLOUTUS-D from the keyboard or from the ATM pinpad.
7. Finally, after the “cash-out” is completed, PLOUTUS-D provides a cleanup mechanism to remove any traces of the attack.
So, this script captures the credit card's info and the credit card IC chip password (which are typed using the ATM keyboard...) and sends it to the attacker.
Also, the attacker will control the ATM devices on which the attacker installed it.
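For defenders, the file details listed above (the MD5 and the two file names, Diebold.exe and AgilisConfigurationUtility.exe) can be turned into a disk sweep of an ATM image or a mounted drive. The following is an added example, not part of the original post; the function names `md5_of` and `sweep` are my own, and a name-only match is reported separately because file names are trivial to change and can collide with unrelated files.

```python
import hashlib
from pathlib import Path

# Indicators taken from the post above (MD5 lower-cased for comparison).
PAGE_MD5 = {"c04a7cb926ccbf829d0a36a91ebf91bd"}
PAGE_NAMES = {"diebold.exe", "agilisconfigurationutility.exe"}


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, md5s=PAGE_MD5, names=PAGE_NAMES):
    """Return sorted (path, reason) findings under root.

    reason is "md5" for a hash match (strong evidence) or "name" for a
    file-name match only (weak evidence that needs manual review).
    """
    findings = []
    for path in Path(root).rglob("*"):
        try:
            if not path.is_file():
                continue
            digest = md5_of(path)
        except OSError:
            continue  # unreadable or locked file: skip and keep sweeping
        if digest in md5s:
            findings.append((str(path), "md5"))  # catches renamed copies
        elif path.name.lower() in names:
            findings.append((str(path), "name"))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    # Usage: python sweep.py <directory>  (defaults to current directory)
    for hit, reason in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}\t{hit}")
```

A hash match identifies only the exact sample described in the post, so a clean sweep does not rule out a rebuilt or repacked variant.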