Once injected into the memory space of legitimate processes, these applications have the ability to modify ISO 8583 transaction data (ISO 8583 is an international communications protocol used for exchanging ATM card transaction requests and responses), resulting in fraudulent ATM withdrawals.

Analysis of the remaining artifacts has not been modified, and includes the following:

- Three (3) additional XCOFF executable files, one of which may have been used to inject the malware described above into the memory space of a targeted server.
- One (1) ASCII log file, possibly created by the use of the XCOFF injector (b3efec…).
- Two (2) versions of a Themida-packed proxy service module, both Windows executables: one 32-bit and one 64-bit.

This report is an update to NCCIC report MAR-10201537.r1.v1, published Nov 8, 2018, and contains additional information related to two XCOFF executables identified in the original report as non-malicious:

SHA256: 10ac312c8dd02e417dd24d53c99525c29d74dcbc84730351ad7a4e0a4b1a0eba
SHA256: ca9ab48d293cc84092e8db8f0ca99cb155b30c61d32a1da7cd3687de454fe86c

Further analysis indicates these files are malicious.
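Because the report identifies ISO 8583 messages as the data the injected code tampers with, it helps to see what such a message looks like on the wire. The following is an added example, not code from the MAR report or from the malware analysis: a minimal parser for ASCII-encoded ISO 8583 (1987) messages and a defender-side check that a 0210 response echoes its 0200 request unchanged. The field formats, the sample request/response pair and the set of echoed fields are assumptions for illustration.

```python
# Added example, not code from the MAR report: a minimal ASCII ISO 8583 (1987)
# parser and a request/response consistency check of the kind a monitoring tool
# could run on ATM switch traffic. Field formats are assumed from common usage.

# bit -> (name, length-prefix digits or 0 for fixed, fixed/max length)
FIELD_SPEC = {
    2: ("pan", 2, 19),             # LLVAR primary account number
    3: ("processing_code", 0, 6),
    4: ("amount", 0, 12),          # minor units: 000000010000 = 100.00
    11: ("stan", 0, 6),            # systems trace audit number
    39: ("response_code", 0, 2),   # "00" = approved
    41: ("terminal_id", 0, 8),
}

# Constructed 0200 withdrawal request and 0210 response (bitmaps set 2,3,4,11,41 and 39)
REQUEST = ("0200" "7020000000800000" "16" "4111111111111111" "010000"
           "000000010000" "123456" "ATM00001")
RESPONSE = ("0210" "7020000002800000" "16" "4111111111111111" "010000"
            "000000010000" "123456" "00" "ATM00001")

def parse_iso8583(msg):
    """Return (mti, {bit: value}) for an ASCII-encoded ISO 8583 message."""
    mti, bitmap, pos = msg[:4], msg[4:20], 20
    if int(bitmap[0], 16) & 0x8:     # bit 1 set: a secondary bitmap follows
        bitmap, pos = bitmap + msg[20:36], 36
    bits, width, fields = int(bitmap, 16), len(bitmap) * 4, {}
    for bit in range(2, width + 1):  # bit 1 only flags the secondary bitmap
        if not bits >> (width - bit) & 1:
            continue
        if bit not in FIELD_SPEC:
            raise ValueError(f"field {bit} present but not in FIELD_SPEC")
        _, prefix, length = FIELD_SPEC[bit]
        if prefix:                   # LLVAR/LLLVAR: length comes from the prefix
            length = int(msg[pos:pos + prefix])
            pos += prefix
        fields[bit] = msg[pos:pos + length]
        pos += length
    if pos != len(msg):
        raise ValueError("message length does not match bitmap and field specs")
    return mti, fields

def check_response(request, response):
    """List fields a 0210 response should have echoed from its 0200 request but did not."""
    req_mti, req = parse_iso8583(request)
    rsp_mti, rsp = parse_iso8583(response)
    issues = [] if (req_mti, rsp_mti) == ("0200", "0210") else ["unexpected MTI pair"]
    for bit in (2, 3, 4, 11, 41):    # fields the host must return unchanged
        if req.get(bit) != rsp.get(bit):
            issues.append(f"field {bit} ({FIELD_SPEC[bit][0]}) altered in response")
    return issues
```

Pairing each response with its request by STAN and comparing the echoed fields is one way to surface a response that was altered between the host and the ATM, which is the class of tampering the report describes.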