Malware Botnet C&C

You are currently viewing the database entry for the malware botnet command&control server (C&C) hosted at 197.2.168.63 . You can get additional information about this C&C here, such as first seen, last seen and associated malware samples.

Database Entry

IP address:	197.2.168.63
Hostname:	n/a
AS number:	AS2609
AS name:	TN-BB-AS Tunisia BackBone AS
Country:	TN
First seen:	2023-04-26 14:11:14 UTC
Last online:	2023-04-26 16:xx:xx UTC

Botnet C&Cs

The table below shows all botnet C&Cs know to Feodo Tracker that are hosted on this host.

First seen (UTC)	IP address	Port	Malware	Status	Abuse complaint sent?	Last online (UTC)
2023-04-26 14:11:14	197.2.168.63	443	QakBot	Offline	Yes (2023-04-26 14:15:04 UTC)	2023-04-26 16:xx:xx

Referencing Malware Samples

The following table shows the most recent malware samples associated with malware botnet C&Cs hosted on 197.2.168.63. Please consider that the output is limited to the 500 most recent malware samples.

Time stamp (UTC)	MD5 hash	File Type	Virustotal	Malware
2023-05-03 21:46:55	a612bafabb800e5c11d0a9b68c71b2c4	dll	57.97%	Quakbot
2023-05-03 21:39:00	e76c745a1f91949d18704747dbfd1e33	dll	50.72%	Quakbot
2023-05-03 21:37:57	3113510f7c8a61fdc3565dd13dfa6d84	dll	57.97%	Quakbot
2023-05-03 21:17:16	24320b2a2a0a3085ac18c41180c7fb89	dll	46.38%	Quakbot
2023-05-03 21:04:09	96e7fbb64cc63b3ec29f09f944916665	dll	55.88%	Quakbot
2023-05-03 20:53:59	f4dbe6ce38e7224514ae5ded462f3f95	dll	44.29%	Quakbot
2023-04-29 11:15:02	f0e257a93b0a52254142c96103626cb9	dll	n/a	Quakbot
2023-04-29 06:55:18	a4c76a73905a552e77913cd11390c615	dll	n/a	Quakbot
2023-04-28 18:24:00	800075df2d6505b09972f56ac9cf6256	dll	47.83%	Quakbot
2023-04-27 19:09:37	6924f56e801db0a071ddb0bde3785fc9	dll	31.43%	Quakbot
2023-04-27 10:37:16	6c550fd05a37daf24366e5437b7b49bb	dll	n/a	Quakbot
2023-04-27 05:31:55	d161ed699aa75f2bb0361a940dbecf79	dll	17.14%	Quakbot
2023-04-27 05:24:04	34e3105f963d85f818827c8212e2c074	dll	17.14%	Quakbot