MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 00a45349617749a482fd911639220412f146df5e5eebd39773654789625dcefc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 00a45349617749a482fd911639220412f146df5e5eebd39773654789625dcefc
SHA3-384 hash: 6a8a14013ce5baea770bd94839c1183b6ce1d5f1949df42e69a09176f3ea2b2db72b883058c472bb98caaf951083336d
SHA1 hash: a60794cb1ce8387298d353bda5d5a414178fb6e1
MD5 hash: 05e662be2c994faf2324c97a215101cc
humanhash: finch-william-sink-stream
File name:lilin.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:1'810 bytes
First seen:2026-02-01 07:32:45 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 24:nDdJfDxgXdkOJsY8dxqDMd1hIdae66dTLW3dRxbdhHp/twdlzlDdbBhqdOel8NIv:nDCGIMCMt6VMNboVpqz71zl
TLSH T10831B3CF30415B73258D9F80F2E2914DB490899166B99F74FDB824A6CED7A0137ACAF4
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://130.12.180.20:34029/x86_64b6db8bb39c7305a6a0a1024ab9b51e7d7b4c016455865504909644b4381ede78 Miraielf mirai ua-wget
http://130.12.180.20:34029/x8675cb064f489b12d4130786e1aa6963dfa2fc9de82b8d3b2150385ce9d65d27dc Miraielf mirai ua-wget
http://130.12.180.20:34029/m68k4dae9f444d6d484da953f928ac5ea4ddd9c556e54fed41146d5059183d18fa54 Miraielf mirai ua-wget
http://130.12.180.20:34029/mips115ba7461c23928d82557c16bf70b0b1b06d0dcec8a28622463d349ee696d4b0 Miraielf mirai ua-wget
http://130.12.180.20:34029/mpslfcc742b8f1948c436d4c9037b8cc2aae0200714fd8d4bad28f87a6b45f718603 Mirai32-bit elf mips mirai
http://130.12.180.20:34029/ppcd3a33ffcb6fda21a7452f7507449b038465aa7fc48087839a7c7efe7c523d6c8 Miraielf mirai ua-wget
http://130.12.180.20:34029/spceffa5b76a489de0777fda6ea9c1fd46699987377bada094c570001adc2df5fa9 Miraielf mirai ua-wget
http://130.12.180.20:34029/sh4b69541b3230b41bb3c596fba4f79aa8b0cec4d67c147597f74412f44f395c43a Miraielf mirai ua-wget
http://130.12.180.20:34029/arm41ac2472a7266925354978d482153be974077046d46a8126b9fbd19bd4646eab2 Miraielf mirai ua-wget
http://130.12.180.20:34029/arm5645e42550a44d8d0e0a2abe2b214eed4a608425b4107b9eac8d13a3121f1971a Miraielf mirai ua-wget
http://130.12.180.20:34029/arm689d0c7f66ee96d3d02258a2369e482376291517e3d383a3fb2364ec8abbca6af Miraielf mirai ua-wget
http://130.12.180.20:34029/arm75f522e269bf35cf78d80e6341ec953775adbffaf35871f710255f81d5ca0723c Miraiarm elf geofenced mirai ua-wget USA
http://130.12.180.20:34029/aarch642566d86ddc875b654d294e049c639a521e8af7960091ce21d5b366a20fe391a0 Miraielf mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
36
Origin country :
DE DE
Vendor Threat Intelligence
Gathering data
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive mirai
Link:
https://www.filescan.io/uploads/697f01c32ffccda097653537/reports/cd2be018-113c-4caa-88a0-bf631bfcdca9/overview
Verdict:
Malicious
File Type:
unix shell
First seen:
2026-02-01T03:19:00Z UTC
Last seen:
2026-02-01T06:56:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Downloader.Shell.Agent.cx HEUR:Trojan-Downloader.Shell.Agent.a
Link:
https://opentip.kaspersky.com/00a45349617749a482fd911639220412f146df5e5eebd39773654789625dcefc/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/601af927-1ee7-4144-a72b-cf9820baa0a1
Behavior Graph:
Download SVG
%3
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/00a45349617749a482fd911639220412f146df5e5eebd39773654789625dcefc
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/00a45349617749a482fd911639220412f146df5e5eebd39773654789625dcefc/
Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/00a45349617749a482fd911639220412f146df5e5eebd39773654789625dcefc
Threat name:
Win32.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2026-02-01 07:17:14 UTC
File Type:
Text (Shell)
AV detection:
9 of 24 (37.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=acsfgslbo5e2jax5seldsiqeclyunx26l3v5hf3tmvdysys5z36a._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/260201-jdq7msdw3f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/00a45349617749a482fd911639220412f146df5e5eebd39773654789625dcefc

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Create hunting rule
Author:Anish Bogati
Description:Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:MalwareBazaar sample lilin.sh

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 00a45349617749a482fd911639220412f146df5e5eebd39773654789625dcefc

(this sample)

Mirai

elf b6db8bb39c7305a6a0a1024ab9b51e7d7b4c016455865504909644b4381ede78

  
URLhaus
https://urlhaus.abuse.ch/url/3767081/
  
Delivery method
Distributed via web download
  
Dropping
MD5 e4e702be5cd822ec936547dadab7520d
  
Dropping
SHA256 b6db8bb39c7305a6a0a1024ab9b51e7d7b4c016455865504909644b4381ede78

Comments