MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e16a3a60f39ce83cfa19ba50fe88b109cb02096126ac9e1c7cfeb8f64a432618. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e16a3a60f39ce83cfa19ba50fe88b109cb02096126ac9e1c7cfeb8f64a432618
SHA3-384 hash: 915fd80ad20da9b5d9809fb3ac8bcec16562189dd0c1c19234998c643f220b324166bf95f652e45d2fd69615494e1461
SHA1 hash: 34798322fd07431b5c5e90e41ebc5be7f77fd102
MD5 hash: b2c3f11d3e90143fdf6c4226c9c088c2
humanhash: jig-sink-oven-xray
File name:bin.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:3'371 bytes
First seen:2026-04-16 11:58:48 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 96:m0GNlzGNlInbKWebKWHg2JJJf2JJJMV1c0U1c0lhPJ4YQPJ4YpjZJG66ZJG6Lu08:Nt605hn05hOn7E447E4U
TLSH T17361AFA7C3BD4C231555DF0AF690D2A9680541F26EF353F8C9B5EB9246530B8B283725
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://2.26.98.67/hiddenbin/boatnet.arm5d4a7453c4ef279e9581aafb9057f7fdc2499e77524df3d38d390aab46308b4c Miraimirai
http://2.26.98.67/hiddenbin/boatnet.arm5n/an/an/a
http://2.26.98.67/hiddenbin/boatnet.arm6dbcc8e8dabe18770063ed3a04ab5e5ea2b5435bee8bc99d77494e8394dc2a7d2 Miraimirai
http://2.26.98.67/hiddenbin/boatnet.arm7ead90ddaafcf6e19d333f7bceab60464e555aeb970f6df9c85f3084002670f2c Miraimirai
http://2.26.98.67/hiddenbin/boatnet.i4863dd99c4736de0a158bbf4bb620ac1eea42327c570ddbe3650e720b10e2dee30f Miraimirai
http://2.26.98.67/hiddenbin/boatnet.i686e890b31302fdacb32df6b187eda07880c34066945fe30f31aa3ac460b8a5aa36 Miraimirai
http://2.26.98.67/hiddenbin/boatnet.m68k7b234f3ec508c0e42708caae2394e1f16e0ac3e9e65593aea4fd6eb7458ac0f7 Miraimirai
http://2.26.98.67/hiddenbin/boatnet.mips07b20b5ffe00d3f8449b68baa11a090603ba0191991af86afb31168a7abf2ffd Miraimirai
http://2.26.98.67/hiddenbin/boatnet.mpsl65ea796df37d0d22f00de1091433987371304ee97bc5e2fb656d56112aacf7df Miraimirai
http://2.26.98.67/hiddenbin/boatnet.ppc732b5aed62edc80735e76b0073e5e733e297fb0958d2bc9675102c906388ae40 Miraimirai
http://2.26.98.67/hiddenbin/boatnet.sh45d2b45b3ea265f1ee621d7b9d75c96f177d2b135158db93fde213c56a63ba726 Miraimirai
http://2.26.98.67/hiddenbin/boatnet.spc366a48d51282fc19bc1b8f25cd907fd871ca8fad9d86f02ff3220a07d49756e5 Miraimirai
http://2.26.98.67/hiddenbin/boatnet.x86e9f19fbf4c638d1095e3e978e157573db45fd9c251215c582559e314cd07c27d Miraimirai
http://2.26.98.67/hiddenbin/boatnet.x86_64c8ac1b479721ae4857cb0c6ff3d011b3248eae14519d26a8167eee58fd41f287 Miraimirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
39
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Gathering data
Result
Gathering data
Verdict:
Malicious
File Type:
unix shell
First seen:
2026-04-13T13:53:00Z UTC
Last seen:
2026-04-16T00:59:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/e16a3a60f39ce83cfa19ba50fe88b109cb02096126ac9e1c7cfeb8f64a432618/results?tab=lookup
Gathering data
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/e16a3a60f39ce83cfa19ba50fe88b109cb02096126ac9e1c7cfeb8f64a432618
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e16a3a60f39ce83cfa19ba50fe88b109cb02096126ac9e1c7cfeb8f64a432618/
Threat name:
Linux.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2026-04-13 17:07:44 UTC
File Type:
Text (Shell)
AV detection:
15 of 36 (41.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4fvduyhtttudz6qzxjip5cfrbhfqeclbe2wj4hd4724pmssdeyma._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
antivm defense_evasion discovery linux upx
Link:
https://tria.ge/reports/260416-n5xwqad17m/
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
UPX packed file
File and Directory Permissions Modification
Executes dropped EXE
Malware family:
Mirai
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/e16a3a60f39c/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.16
Link:
https://yomi.yoroi.company/submissions/e16a3a60f39ce83cfa19ba50fe88b109cb02096126ac9e1c7cfeb8f64a432618

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Shellscript_Downloader
Create hunting rule
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders
Rule name:MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Create hunting rule
Author:Anish Bogati
Description:Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:MalwareBazaar sample lilin.sh

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh e16a3a60f39ce83cfa19ba50fe88b109cb02096126ac9e1c7cfeb8f64a432618

(this sample)

Mirai

elf 93b159ee508bdca1ef3960714d7f923f4b47fa7c848152c7e26183f43918a7e6

Mirai

elf 5d4a7453c4ef279e9581aafb9057f7fdc2499e77524df3d38d390aab46308b4c

  
URLhaus
https://urlhaus.abuse.ch/url/3823622/
  
Delivery method
Distributed via web download
  
Dropping
MD5 20d488b27f9c44b74bff3035ca2a1464
  
Dropping
SHA256 5d4a7453c4ef279e9581aafb9057f7fdc2499e77524df3d38d390aab46308b4c

Comments