MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 91316361fd9542e59daf8fb0825dd41f40793342d8ed8deede65bd761d280edb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	91316361fd9542e59daf8fb0825dd41f40793342d8ed8deede65bd761d280edb
SHA3-384 hash:	c2ebf61267b31044de95805d4d091d5c260c57721cb8cb388c20a3c5cdf3564bc51536d25c01beaba6c08ed7f9c86f05
SHA1 hash:	4337f89da6e65464bf7ddf63d6de2c0e6c2bd960
MD5 hash:	55c0419e1745de8fac66cb2c3fc7bebd
humanhash:	july-bluebird-california-mockingbird
File name:	bins.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'662 bytes
First seen:	2026-04-24 23:56:15 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:XoMr9x17KR71R4R1Rq1eZ1FO1AU1AI10U1jv17w1wV171KDGuBYDaS8k6Ju1RE76:XL9x17W7jG1s1814171/1n1L181W17tP
TLSH	T162312591F425F437F0569B75DB4BB320687234070558EB64F5CEA2A0BF9906C62B4B74
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Gathering data

Verdict:

Malicious

File Type:

unix shell

First seen:

2026-04-24T21:04:00Z UTC

Last seen:

2026-04-26T13:04:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/91316361fd9542e59daf8fb0825dd41f40793342d8ed8deede65bd761d280edb/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/68368751-368d-4cbb-9cac-34690aa913fd

Behavior Graph:

Download SVG

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/91316361fd9542e59daf8fb0825dd41f40793342d8ed8deede65bd761d280edb

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/91316361fd9542e59daf8fb0825dd41f40793342d8ed8deede65bd761d280edb/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/91316361fd9542e59daf8fb0825dd41f40793342d8ed8deede65bd761d280edb

Threat name:

Linux.Trojan.Generic

Status:

Suspicious

First seen:

2026-04-24 23:56:43 UTC

File Type:

Text (Shell)

AV detection:

6 of 24 (25.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=seywgyp5svbolhnpr6yiexoud5ahsm2c3dwy33w6mw6xmhjib3nq._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet:lzrd botnet defense_evasion discovery execution linux persistence privilege_escalation upx

Link:

https://tria.ge/reports/260424-3y9n9sgy5z/

Behaviour

Enumerates kernel/hardware configuration

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

UPX packed file

Creates/modifies Cron job

Enumerates running processes

Modifies rc script

Modifies systemd

Writes file to system bin folder

File and Directory Permissions Modification

Executes dropped EXE

Modifies Watchdog functionality

Family: Mirai

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.80

Link:

https://yomi.yoroi.company/submissions/91316361fd9542e59daf8fb0825dd41f40793342d8ed8deede65bd761d280edb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 91316361fd9542e59daf8fb0825dd41f40793342d8ed8deede65bd761d280edb

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3828831/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample