FASTCash for Linux

Oct. 15, 2024, 6:18 p.m.

Description

A newly identified variant of FASTCash "payment switch" malware specifically targets the Linux operating system, as well as Microsoft Windows, according to CISA and the Department of Homeland Security (DHS).

External References

https://doubleagent.net/fastcash-for-linux/
https://otx.alienvault.com/pulse/670ead49449b8caec5e64437
Tags
malware
linux
windows
code
cisa
2024-10-15
bluenoroff
fastcash
linux variant
ubuntu linux
atms
lira
linux sample
atmpos
triton
format
aix

Date

  • Created: Oct. 15, 2024, 5:58 p.m.
  • Published: Oct. 15, 2024, 5:58 p.m.
  • Modified: Oct. 15, 2024, 6:18 p.m.

Indicators

  • f43d4e7e2ab1054d46e2a93ce37d03aff3a85e0dff2dd7677f4f7fb9abe1abc8
  • f34b532117b3431387f11e3d92dc9ff417ec5dcee38a0175d39e323e5fdb1d2c
  • c3904f5e36d7f45d99276c53fed5e4dde849981c2619eaa4dbbac66a38181cbe
  • afff4d4deb46a01716a4a3eb7f80da58e027075178b9aa438e12ea24eedea4b0
  • 7f3d046b2c5d8c008164408a24cac7e820467ff0dd9764e1d6ac4e70623a1071
  • 609a5b9c98ec40f93567fbc298d4c3b2f9114808dfbe42eb4939f0c5d1d63d44
  • 5232d942da0a86ff4a7ff29a9affbb5bd531a5393aa5b81b61fe3044c72c1c00
  • 3a5ba44f140821849de2d82d5a137c3bb5a736130dddb86b296d94e6b421594c
  • 2611f784e3e7f4cf16240a112c74b5bcd1a04067eff722390f5560ae95d86361
  • 129b8825eaf61dcc2321aad7b84632233fa4bbc7e24bdf123b507157353930f0
  • 10ac312c8dd02e417dd24d53c99525c29d74dcbc84730351ad7a4e0a4b1a0eba
  • 078f284536420db1022475dc650327a6fd46ec0ac068fe07f2e2f925a924db49
Download all indicators here!

Attack Patterns

  • FASTCash
  • AIX
  • Windows
  • Linux
  • T1111
  • T1573
  • T1055
  • T1027
  • T1056
  • T1059