SSL Certificates

The following table shows further information as well as a list of malware samples including the corresponding botnet C&C associated with the SSL certificate fingerprint bbdbbc5c9c29aa274f48deab62cd97f88aa066db.

Database Entry


SHA1 Fingerprint: bbdbbc5c9c29aa274f48deab62cd97f88aa066db
Certificate Common Name (CN): PEGASUS
Issuer Distinguished Name (DN): PEGASUS Server, OU=PEGASUS, O=PEGASUS By SKYNET, L=SH, C=CN
TLS Version: TLSv1
First seen: 2021-12-23 05:41:21 UTC
Last seen: 2023-01-27 07:32:17 UTC
Status: Blacklisted
Listing reason: AsyncRAT C&C
Listing date: 2023-01-27 14:52:29
Malware samples: 30
Botnet C&Cs: 8

Malware Samples


The table below documents all malware samples associated with this SSL certificate.


# of entries: 30 (max: 100)