YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 38139402d78e9dcd09f03a7fa8f97b48c446d0910886410b30351694cce2f66c.
Scan Results
| SHA256 hash: | 38139402d78e9dcd09f03a7fa8f97b48c446d0910886410b30351694cce2f66c | |
|---|---|---|
| File size: | 71'064 bytes | |
| File download: | Original | |
| MIME type: | application/x-executable | |
| MD5 hash: | 6b2ea600258a4177df3cc3423e6069ff | |
| SHA1 hash: | 527139db4d3ac7f88e23b5d7c718613f71be09b9 | |
| SHA3-384 hash: | 0ae800227cd6215c26ba8982cb21054d34771ac48098ea10b2295ad43e24655563ad692afb10b557ad25f6e3a31fe6c4 | |
| First seen: | 2025-12-26 20:40:05 UTC | |
| Last seen: | 2025-12-26 20:45:37 UTC | |
| Sightings: | 6 | |
| imphash : | n/a | |
| ssdeep : | 1536:zuLdvs9GY0OKYxsXseICCMli5Xj3iPglHM1:dJKYfeICpE+Yq | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | n/a | |
Tasks
There are 6 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | d54ada48-e29b-11f0-9df4-42010aa4000b | |
|---|---|---|
| File name: | 38139402d78e9dcd09f03a7fa8f97b48c446d0910886410b30351694cce2f66c.elf | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Sanesecurity.Malware.32133.LX.BOT.UNOFFICIAL |
|---|
| Signature: | Unix.Trojan.Mirai-9858729-0 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | ELF_Toriilike_persist |
|---|---|
| Author: | 4r4 |
| Description: | Detects Torii IoT Botnet (stealthier Mirai alternative) |
| Reference: | Identified via researched data |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | unixredflags3 |
|---|---|
| Author: | Tim Brown @timb_machine |
| Description: | Hunts for UNIX red flags |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | 9c9af2dc-e29b-11f0-9df4-42010aa4000b | |
|---|---|---|
| File name: | 38139402d78e9dcd09f03a7fa8f97b48c446d0910886410b30351694cce2f66c | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | True | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Sanesecurity.Malware.32133.LX.BOT.UNOFFICIAL |
|---|
| Signature: | Unix.Trojan.Mirai-9858729-0 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | ELF_Toriilike_persist |
|---|---|
| Author: | 4r4 |
| Description: | Detects Torii IoT Botnet (stealthier Mirai alternative) |
| Reference: | Identified via unique string 'npxXoudifFeEgGaACScs' |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | unixredflags3 |
|---|---|
| Author: | Tim Brown @timb_machine |
| Description: | Hunts for UNIX red flags |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | 79736ca1-e29b-11f0-9df4-42010aa4000b | |
|---|---|---|
| File name: | 38139402d78e9dcd09f03a7fa8f97b48c446d0910886410b30351694cce2f66c | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | True | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Sanesecurity.Malware.32133.LX.BOT.UNOFFICIAL |
|---|
| Signature: | Unix.Trojan.Mirai-9858729-0 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | ELF_Toriilike_persist |
|---|---|
| Author: | 4r4 |
| Description: | Detects Torii IoT Botnet (stealthier Mirai alternative) |
| Reference: | Identified via unique string 'npxXoudifFeEgGaACScs' |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | unixredflags3 |
|---|---|
| Author: | Tim Brown @timb_machine |
| Description: | Hunts for UNIX red flags |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | 55cf3c60-e29b-11f0-9df4-42010aa4000b | |
|---|---|---|
| File name: | 38139402d78e9dcd09f03a7fa8f97b48c446d0910886410b30351694cce2f66c | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | True | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Sanesecurity.Malware.32133.LX.BOT.UNOFFICIAL |
|---|
| Signature: | Unix.Trojan.Mirai-9858729-0 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | ELF_Toriilike_persist |
|---|---|
| Author: | 4r4 |
| Description: | Detects Torii IoT Botnet (stealthier Mirai alternative) |
| Reference: | Identified via unique string 'npxXoudifFeEgGaACScs' |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | unixredflags3 |
|---|---|
| Author: | Tim Brown @timb_machine |
| Description: | Hunts for UNIX red flags |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | 31f41014-e29b-11f0-9df4-42010aa4000b | |
|---|---|---|
| File name: | 38139402d78e9dcd09f03a7fa8f97b48c446d0910886410b30351694cce2f66c | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | True | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Sanesecurity.Malware.32133.LX.BOT.UNOFFICIAL |
|---|
| Signature: | Unix.Trojan.Mirai-9858729-0 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | ELF_Toriilike_persist |
|---|---|
| Author: | 4r4 |
| Description: | Detects Torii IoT Botnet (stealthier Mirai alternative) |
| Reference: | Identified via unique string 'npxXoudifFeEgGaACScs' |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | unixredflags3 |
|---|---|
| Author: | Tim Brown @timb_machine |
| Description: | Hunts for UNIX red flags |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | 0f3b5565-e29b-11f0-9df4-42010aa4000b | |
|---|---|---|
| File name: | 38139402d78e9dcd09f03a7fa8f97b48c446d0910886410b30351694cce2f66c | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | True | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Sanesecurity.Malware.32133.LX.BOT.UNOFFICIAL |
|---|
| Signature: | Unix.Trojan.Mirai-9858729-0 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | ELF_Toriilike_persist |
|---|---|
| Author: | 4r4 |
| Description: | Detects Torii IoT Botnet (stealthier Mirai alternative) |
| Reference: | Identified via unique string 'npxXoudifFeEgGaACScs' |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | unixredflags3 |
|---|---|
| Author: | Tim Brown @timb_machine |
| Description: | Hunts for UNIX red flags |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.