MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e45e21eafca4ff66e1457fea7ea9975ce46c81015574c246de5ba2cb8e967db4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA 1 File information Comments

SHA256 hash:	e45e21eafca4ff66e1457fea7ea9975ce46c81015574c246de5ba2cb8e967db4
SHA3-384 hash:	cd34d39dae268d51fe88b6417dee5484af3c0e585414117e6a16e9493ffa83729a74d3963d274b6b81ec6f580a427b11
SHA1 hash:	656e1c5b8ac6c51d8e18ccb3bd38e0caba345352
MD5 hash:	801525593823fd29a44e4074f6f6efd3
humanhash:	pizza-crazy-pasta-eleven
File name:	ipcams.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	4'504 bytes
First seen:	2026-03-16 17:23:51 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:ZboGEHYFYFWFFFjsBtUoYtzEFt4t+t+t0t0t0LtIFYFWFFFptitgt5sPpoUxE7fO:ZbNEHuZnEpiu9Eq4s1
TLSH	T1969117CC7021842758C68E4CA46AD3A753D893A5D99CC01C55A8FE3B3192FFA78FAF01
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	juroots
Tags:	mirai sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://88.214.20.14/bins/tuxnokill.x86	a9c595b2c94cbcd3c93fdc72705b502080848f45f41a4142ad77c5a5f4326b0b	Mirai	mirai
http://88.214.20.14/bins/tuxnokill.mips	3b7d02c7d5fae025badfbb801059183029189d85d00aac04311247e4f5f4030a	Mirai	mirai
http://88.214.20.14/bins/tuxnokill.mpsl	234f547c6940b136c16b743950b1b503fffb0fa852b123a107b883a2161b8e5f	Mirai	mirai
http://88.214.20.14/bins/tuxnokill.arm	409c149979a739286e87e55f730410fbc14fe39a2685135b21f7cf6f51bcf466	Mirai	mirai
http://88.214.20.14/bins/tuxnokill.arc	557a7680cac8a83c98f5059b6c11dda33df085e931a53817685ad6427645a3c9	Mirai	mirai
http://88.214.20.14/bins/tuxnokill.arm4	n/a	n/a	elf ua-wget
http://88.214.20.14/bins/tuxnokill.arm5	95d0933e9e2906f5f5df011e5afd2e04161dbac4d4618e0b2ebcee54e91bff5d	Mirai	mirai
http://88.214.20.14/bins/tuxnokill.arm6	501776d5ac80fb72e7c11ce98e4b1cfb16615d76293166a864ba05a62e7f4ff3	Mirai	mirai
http://88.214.20.14/bins/tuxnokill.arm7	c6535cc21940b7be719621fd9b791ddbc33d9be9b4ac050a23d8542c82cae9d6	Mirai	mirai
http://88.214.20.14/bins/tuxnokill.ppc	8cff96f1e570b6eae7b433cebaffc9a6d6a32f6927271ed2e5c3e3866f35ef6c	Mirai	mirai
http://88.214.20.14/bins/tuxnokill.m68k	a065f1dd35f3bf8f2dc8b25a09273b751fee7a4dba6623b41be874bf42aa5185	Mirai	mirai
http://88.214.20.14/bins/tuxnokill.sh4	ddba21e124054e17b84c367320b1e9dcbc8354c39895b6f1eca489841e8eade0	Mirai	mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Gathering data

Verdict:

Malicious

File Type:

unix shell

Detections:

HEUR:Trojan-Downloader.Shell.Agent.gen

Link:

https://opentip.kaspersky.com/e45e21eafca4ff66e1457fea7ea9975ce46c81015574c246de5ba2cb8e967db4/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/d2246028-23b8-4ae8-a5db-88ba2dca4f39

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/e45e21eafca4ff66e1457fea7ea9975ce46c81015574c246de5ba2cb8e967db4

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e45e21eafca4ff66e1457fea7ea9975ce46c81015574c246de5ba2cb8e967db4/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/e45e21eafca4ff66e1457fea7ea9975ce46c81015574c246de5ba2cb8e967db4

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=4rpcd2x4ut7wnykfp7vh5kmxltsgzaibkv2merw6lormxduwpw2a._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai antivm botnet defense_evasion discovery linux

Link:

https://tria.ge/reports/260316-vy3lyset41/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Changes its process name

Checks CPU configuration

Reads system network configuration

Enumerates active TCP sockets

File and Directory Permissions Modification

Executes dropped EXE

Modifies Watchdog functionality

Contacts a large (85850) amount of remote hosts

Creates a large amount of network flows

Mirai

Mirai family

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	MAL_Linux_IoT_MultiArch_BotnetLoader_Generic Create hunting rule
Author:	Anish Bogati
Description:	Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:	MalwareBazaar sample lilin.sh