SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint 6bdb302e1dd3a6af6e22f319da1898b46eeb9c55.

Database Entry


SHA1 Fingerprint:6bdb302e1dd3a6af6e22f319da1898b46eeb9c55
Certificate Common Name (CN):Henpkno, OU=Ugpscgvfmhiw, ST=fpuhyn, O=Pfjruuyf, C=VN, L=Mmc Dkrpndsuximjfo
Issuer Distinguished Name (DN):Henpkno, OU=Ugpscgvfmhiw, ST=fpuhyn, O=Pfjruuyf, C=VN, L=Mmc Dkrpndsuximjfo
TLS Version:TLS 1.2
First seen:2022-12-23 05:37:39 UTC
Last seen:2022-12-23 17:33:40 UTC
Status:Blacklisted
Listing reason:DanaBot C&C
Listing date:2022-12-23 17:25:36
Malware samples:8
Botnet C&Cs:1

Malware Samples


The table below documents all malware samples associated with this SSL certificate.

Timestamp (UTC)Malware Sample (MD5 hash)VTSignatureBotnet C&C (IP:port)
2022-12-23 17:33:40bbb6f61b39fa9f643be9df9cdd3125b7n/aServHelper23.254.225.181:443
2022-12-23 16:01:5746ed908fd15d8ef90aac5aeab58c73b2n/aServHelper23.254.225.181:443
2022-12-23 15:52:20968847a638f5e0eb9319c1f00bdb034fn/aSmoke Loader 23.254.225.181:443
2022-12-23 14:37:33a76d6824c331c888ba17df92923a08e6n/aArkeiStealer23.254.225.181:443
2022-12-23 13:48:1017235d729ed59813d4f0917c71e93927Virustotal results 34 / 70 (48.57%) 23.254.225.181:443
2022-12-23 13:40:45ed997528c538bac2da0002603e8e1de5n/aSmoke Loader 23.254.225.181:443
2022-12-23 06:36:0001a66f76a3a1408dfb5bdf1689e6b8b3n/aDanaBot23.254.225.181:443
2022-12-23 05:37:39cab4c4e416eaceafe25c92d7c3a27a3an/aDanaBot23.254.225.181:443

# of entries: 8 (max: 100)