YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash b29321afad103ba0907cd40c9c0a815a82f3ec02849be18d128a6f17b0ac6033.
Scan Results
| SHA256 hash: | b29321afad103ba0907cd40c9c0a815a82f3ec02849be18d128a6f17b0ac6033 | |
|---|---|---|
| File size: | 77'580 bytes | |
| File download: | Original | |
| MIME type: | application/x-executable | |
| MD5 hash: | 3e1457e8b5659a01f0e9ceed597abbda | |
| SHA1 hash: | 15175a3a4269c103174d77fe30f2d1ab5ce672fb | |
| SHA3-384 hash: | de62660d5620bfd050a5feb79a60299d9c0a6107392da87569d37fd1288ea11b92e467d937ed6b832f511e73fa7217fb | |
| First seen: | 2025-12-26 20:41:03 UTC | |
| Last seen: | 2025-12-26 20:45:37 UTC | |
| Sightings: | 5 | |
| imphash : | n/a | |
| ssdeep : | 1536:vfK01vgVITjd82IvoFeQyXVU15QvbSXYDzznB8DNd9gH6rhgw:vi01oVITjcokQyXVU1mb++c9g0Ow | |
| TLSH : | n/a | |
| telfhash : | n/a | |
| gimphash : | n/a | |
| dhash icon : | n/a | |
Tasks
There are 5 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | d5587d51-e29b-11f0-9df4-42010aa4000b | |
|---|---|---|
| File name: | b29321afad103ba0907cd40c9c0a815a82f3ec02849be18d128a6f17b0ac6033.elf | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Unix.Trojan.Gafgyt-7782058-0 |
|---|
| Signature: | Unix.Trojan.Mirai-10018298-0 |
|---|
| Signature: | Unix.Trojan.Mirai-6981989-0 |
|---|
| Signature: | Unix.Trojan.Mirai-9858729-0 |
|---|
| Signature: | Unix.Trojan.Mirai-9940650-0 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | ELF_Toriilike_persist |
|---|---|
| Author: | 4r4 |
| Description: | Detects Torii IoT Botnet (stealthier Mirai alternative) |
| Reference: | Identified via researched data |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | unixredflags3 |
|---|---|
| Author: | Tim Brown @timb_machine |
| Description: | Hunts for UNIX red flags |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | 9cac51b8-e29b-11f0-9df4-42010aa4000b | |
|---|---|---|
| File name: | b29321afad103ba0907cd40c9c0a815a82f3ec02849be18d128a6f17b0ac6033 | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | True | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Unix.Trojan.Gafgyt-7782058-0 |
|---|
| Signature: | Unix.Trojan.Mirai-10018298-0 |
|---|
| Signature: | Unix.Trojan.Mirai-6981989-0 |
|---|
| Signature: | Unix.Trojan.Mirai-9858729-0 |
|---|
| Signature: | Unix.Trojan.Mirai-9940650-0 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | ELF_Toriilike_persist |
|---|---|
| Author: | 4r4 |
| Description: | Detects Torii IoT Botnet (stealthier Mirai alternative) |
| Reference: | Identified via unique string 'npxXoudifFeEgGaACScs' |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | unixredflags3 |
|---|---|
| Author: | Tim Brown @timb_machine |
| Description: | Hunts for UNIX red flags |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | 79864ccd-e29b-11f0-9df4-42010aa4000b | |
|---|---|---|
| File name: | b29321afad103ba0907cd40c9c0a815a82f3ec02849be18d128a6f17b0ac6033 | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | True | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Unix.Trojan.Gafgyt-7782058-0 |
|---|
| Signature: | Unix.Trojan.Mirai-10018298-0 |
|---|
| Signature: | Unix.Trojan.Mirai-6981989-0 |
|---|
| Signature: | Unix.Trojan.Mirai-9858729-0 |
|---|
| Signature: | Unix.Trojan.Mirai-9940650-0 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | ELF_Toriilike_persist |
|---|---|
| Author: | 4r4 |
| Description: | Detects Torii IoT Botnet (stealthier Mirai alternative) |
| Reference: | Identified via unique string 'npxXoudifFeEgGaACScs' |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | unixredflags3 |
|---|---|
| Author: | Tim Brown @timb_machine |
| Description: | Hunts for UNIX red flags |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | 55e72f50-e29b-11f0-9df4-42010aa4000b | |
|---|---|---|
| File name: | b29321afad103ba0907cd40c9c0a815a82f3ec02849be18d128a6f17b0ac6033 | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | True | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Unix.Trojan.Gafgyt-7782058-0 |
|---|
| Signature: | Unix.Trojan.Mirai-10018298-0 |
|---|
| Signature: | Unix.Trojan.Mirai-6981989-0 |
|---|
| Signature: | Unix.Trojan.Mirai-9858729-0 |
|---|
| Signature: | Unix.Trojan.Mirai-9940650-0 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | ELF_Toriilike_persist |
|---|---|
| Author: | 4r4 |
| Description: | Detects Torii IoT Botnet (stealthier Mirai alternative) |
| Reference: | Identified via unique string 'npxXoudifFeEgGaACScs' |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | unixredflags3 |
|---|---|
| Author: | Tim Brown @timb_machine |
| Description: | Hunts for UNIX red flags |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Task ID: | 321b19bb-e29b-11f0-9df4-42010aa4000b | |
|---|---|---|
| File name: | b29321afad103ba0907cd40c9c0a815a82f3ec02849be18d128a6f17b0ac6033 | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | True | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Unix.Trojan.Gafgyt-7782058-0 |
|---|
| Signature: | Unix.Trojan.Mirai-10018298-0 |
|---|
| Signature: | Unix.Trojan.Mirai-6981989-0 |
|---|
| Signature: | Unix.Trojan.Mirai-9858729-0 |
|---|
| Signature: | Unix.Trojan.Mirai-9940650-0 |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | ELF_Toriilike_persist |
|---|---|
| Author: | 4r4 |
| Description: | Detects Torii IoT Botnet (stealthier Mirai alternative) |
| Reference: | Identified via unique string 'npxXoudifFeEgGaACScs' |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | unixredflags3 |
|---|---|
| Author: | Tim Brown @timb_machine |
| Description: | Hunts for UNIX red flags |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.