SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint 1714ea54c7f0d5e801c9822137a794b655e44529.

Database Entry


SHA1 Fingerprint:1714ea54c7f0d5e801c9822137a794b655e44529
Certificate Common Name (CN):salagriva.com/emailAddress=admin@salagriva.com
Issuer Distinguished Name (DN):salagriva.com/emailAddress=admin@salagriva.com
TLS Version:TLSv1
First seen:2016-02-18 21:19:51 UTC
Last seen:2016-04-13 08:10:41 UTC
Status:Blacklisted
Listing reason:Qadars C&C
Listing date:2016-02-19 07:18:46
Malware samples:52
Botnet C&Cs:9

Malware Samples


The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)Malware Sample (MD5 hash)VTSignatureBotnet C&C (IP:port)
2016-04-13 08:10:41d23f754f1c3a89dea9b0d1749b7fb9ban/aQuakbot192.169.6.155:443
2016-04-13 08:06:1902c1e7e0d11fc72a475dd645e6da6a4bn/aQuakbot192.169.6.155:443
2016-04-13 07:46:25a587b15506de11ff3c9eed0a4b3ce7a9n/aQuakbot192.169.6.155:443
2016-04-13 06:28:10fcd7de955549607144d90cbbcd9842b4n/aQuakbot192.169.6.155:443
2016-04-13 05:40:3735bcfa36fc39e1a089ce2002884a2ee2n/aQuakbot192.169.6.155:443
2016-04-12 13:19:18f5dbd84500ec6b2598b21bb9fe09219dn/aQuakbot192.169.6.155:443
2016-04-12 09:04:087a76ccff673670fa8208bd3e924c4216n/aQuakbot192.169.6.155:443
2016-04-11 11:44:546e2813ca24b22af5bc87b9d2118fa444Virustotal results 30/57 (52.63%) Quakbot192.169.6.155:443
2016-04-11 08:38:26a681be0d2016499c23f5f5885a770b09Virustotal results 23/57 (40.35%) Quakbot192.169.6.155:443
2016-04-11 07:16:479ffac386a269c8bf1a1a06ece089b33aVirustotal results 19/57 (33.33%) Quakbot192.169.6.155:443
2016-04-10 06:29:092a7da20b1373d0559b9e57478336d46en/aQuakbot192.52.167.201:443
2016-04-09 12:40:237061a43f164d1d1dc0b8bcc3a74b8714Virustotal results 15/57 (26.32%) Quakbot199.193.250.105:443
2016-04-07 07:43:4481d757c4573152c6673a2a3ebfb1657dVirustotal results 9/57 (15.79%) Quakbot199.193.250.105:443
2016-04-06 02:44:11e30d4b61520c8c02016f172a65a76a59Virustotal results 18/57 (31.58%) Quakbot199.193.250.105:443
2016-04-02 12:13:4609693e2a1af7eeff2f37996623282c22n/aQuakbot199.193.250.105:443
2016-03-31 15:46:23ca1337b5c21ad5b529dc18c607c9e0c8Virustotal results 11/56 (19.64%) Quakbot91.216.245.35:443
2016-03-26 23:16:053012ed3be68974a45af00ddc0febda6cVirustotal results 29/57 (50.88%) Quakbot91.216.245.35:443
2016-03-24 18:58:49004a28a66cc0e77c76365317c59d4d27n/aQuakbot91.216.245.35:443
2016-03-19 16:40:52281fda790447f24ba69892d22fe1af08Virustotal results 38/57 (66.67%) Quakbot91.216.245.35:443
2016-03-07 05:49:18fb26bef696604a19a6c4d30cd6e67b30Virustotal results 27/57 (47.37%) Quakbot192.157.249.24:443
2016-03-05 09:41:25cf4b30b496c3ab50cb2f0458ecfe589bn/aQuakbot192.157.249.24:443
2016-03-04 02:02:2702162ee9dc1c8b9f319be8021c430b25n/aQuakbot192.157.249.24:443
2016-03-02 06:24:34e7b82b47aab9dc474b2f1a72ed1d75b2n/aQuakbot84.200.2.23:443
2016-03-01 19:56:52b8ea1fdc5f893fcb06e838d2f9f25c6bVirustotal results 27/55 (49.09%) Quakbot84.200.2.23:443
2016-03-01 13:11:463519d79fe427833661dec573e62771a7Virustotal results 36/56 (64.29%) Quakbot84.200.2.23:443
2016-03-01 08:09:57a8db8cc080ee9a33ca48ac2f5e205ae6Virustotal results 3/56 (5.36%) Qadars 84.200.2.23:443
2016-02-29 13:33:19eb3a79de543d8f243a87ad5742dadcben/aQuakbot84.200.2.23:443
2016-02-29 12:41:57279a0b5109d5c898bfeb7daaf6383da5n/aQuakbot84.200.2.23:443
2016-02-29 12:36:508b252547121044cef9bd7763da067278n/aQuakbot84.200.2.23:443
2016-02-29 08:53:56593408dbc8cd8992038521acece31d47n/aQuakbot84.200.2.23:443
2016-02-29 07:34:426728e729d66cf7bff4c303f03698e663n/aQuakbot84.200.2.23:443
2016-02-28 11:17:008a263bb2fc12fc86c4a65cfc8cadb696n/aQadars 192.157.238.182:443
2016-02-27 15:27:58d76cc030bd9e3095d1fcba4cc73bb920Virustotal results 3/56 (5.36%) Qadars 192.157.238.182:443
2016-02-27 08:11:3037823f69a9c18b5d069d773d1aa66fbfn/aQadars 192.157.238.182:443
2016-02-27 07:14:4154a6bc698190bd912c6c5b4ae80742bcVirustotal results 19/56 (33.93%) Qadars 192.157.238.182:443
2016-02-27 01:01:44a8e94d41f534736800e05454e12d9c09Virustotal results 17/55 (30.91%) Qadars 192.157.238.182:443
2016-02-22 15:47:0708963839c532975c1ebc6191c80ac9feVirustotal results 6/55 (10.91%) Qadars 192.169.6.173:443
2016-02-21 19:10:1972ac0618f399b9717706de786bb79679Virustotal results 6/55 (10.91%) Qadars 168.235.66.206:443
2016-02-21 15:11:27661a6b57086a7ea6b67c083757c9f8b1Virustotal results 4/55 (7.27%) Qadars 168.235.66.206:443
2016-02-21 14:31:34b23859609f98a78afc4fb1af0be91a2aVirustotal results 25/56 (44.64%) Qadars 168.235.66.206:443
2016-02-21 14:18:18674191b46583e6db3f924117b74627c2Virustotal results 28/57 (49.12%) Qadars 168.235.66.206:443
2016-02-21 14:06:270508a654ee6a9b59937296fcc341ea99Virustotal results 31/57 (54.39%) Qadars 168.235.66.206:443
2016-02-21 13:44:4151f217379ccc4c0f9162bc5265dff675Virustotal results 18/52 (34.62%) Qadars 168.235.66.206:443
2016-02-20 18:48:332006abd6eb5885ea3a7752d9df9e32a5Virustotal results 22/55 (40.00%) Qadars 168.235.66.206:443
2016-02-20 14:02:10cc73e8712b1689a941743d69b8b7db48Virustotal results 3/54 (5.56%) Qadars 168.235.66.206:443
2016-02-20 11:48:41d38ecc17df1006f3e0ee801863fcc9e6Virustotal results 4/55 (7.27%) Qadars 168.235.66.206:443
2016-02-20 11:34:56e61c1c00329503689d4ce4e8e6d3b2abVirustotal results 14/55 (25.45%) Qadars 168.235.66.206:443
2016-02-20 10:19:33fd3614fe130d908e1a24a5a8f7ab8939Virustotal results 31/53 (58.49%) Qadars 168.235.66.206:443
2016-02-19 18:45:057686f9284baccd719ddd11ab6370c102Virustotal results 6/55 (10.91%) Qadars 168.235.66.206:443
2016-02-19 16:28:3154c9f6748b0b8f9c61cd5ef6b0d713a3Virustotal results 17/55 (30.91%) Qadars 168.235.66.206:443
2016-02-19 16:21:077dca346a75b49d898d74e349e612bc94Virustotal results 5/56 (8.93%) Qadars 168.235.66.206:443
2016-02-18 21:19:5133d7a12d10f594c1b0a0aa445c02a4f7Virustotal results 4/54 (7.41%) Qadars 168.235.66.206:443

# of entries: 52 (max: 100)