Alice ATM malware is bare-bones malware that does just one job: stealing money. It has no options and does no sneaking or sniffing of data; it is meant solely to empty the safes of ATMs. To deploy Alice, threat actors must have physical access to an ATM via its USB ports or CD-ROM slots. Before running, Alice checks for a compatible Extensions for File Services (XFS) system by locating several registry keys, and displays the message 'Error -43!' if a supported XFS system is not found. If one is found, a window appears requesting that the user enter an access code for authorization. Newer versions of Alice also have the capability to connect remotely via Remote Desktop Protocol (RDP); however, this feature does not appear to have been used in previous attacks.