Click-Fraud Ramdo Malware Family Continues to Plague Users
Common Information
| Type | Value |
|---|---|
| UUID | ad9f8a99-fa60-4795-a17d-c2eaeb94c5fc |
| Fingerprint | ac5633106c72268f |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 11, 2016, 2 a.m. |
| Added to db | Jan. 18, 2023, 10:42 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Click-Fraud Ramdo Malware Family Continues to Plague Users |
| Title | Click-Fraud Ramdo Malware Family Continues to Plague Users |
| Detected Hints/Tags/Attributes | 63/2/17 |
Attributes
| Type | #Events | CTI | Value |
|---|---|---|---|
| Domain | 454 | | www.google.com |
| Domain | 707 | | google.com |
| Domain | 1 | | qgwwyeeouiouwkya.org |
| Domain | 5 | | on.com |
| Domain | 1 | | search-spinner.com |
| Domain | 1 | | 2026531.adsdomain.org |
| File | 1 | | %appdata%\microsoft\btstack.dll |
| File | 1 | | btstack.dll |
| File | 1018 | | rundll32.exe |
| File | 40 | | libcef.dll |
| md5 | 1 | | F0E64CC571590513D0DC8D37EA23D153 |
| sha1 | 1 | | 98d44a46e9dad00748d0278c84b58ce36d5e8861 |
| sha256 | 1 | | b534d55f384f4a2f9f8762ccd360a7c5d3fbd9ba15b1671e4a3629ef69a4472b |
| Windows Registry Key | 15 | | HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid |
| Windows Registry Key | 1 | | HKCU\SOFTWARE\Adobe\Acrobat |
| Windows Registry Key | 1 | | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips |
| Windows Registry Key | 1 | | HKCU\Software\Microsoft\Windows\CurrentVersion\Run\BluetoothManage |