YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash f271296e8bc49b4471960e07930ce0e1c4e78b4af4e89d03b83e129db6f36e28.

Scan Results


SHA256 hash: f271296e8bc49b4471960e07930ce0e1c4e78b4af4e89d03b83e129db6f36e28
File size: 55'728 bytes
MIME type: application/x-executable
MD5 hash: 82a766f6ece94827c7a3a484bf0cdf49
SHA1 hash: 123bbbf67fafceb4c0561ed448d60f5f71c2a5fb
SHA3-384 hash: 0e62fa1d50c37c70d42522b02680b7afadcf013a8dc9a26934fc9cc5695d913db9396c786b071faf58f7fd0aede98c2c
First seen: 2025-12-26 20:42:05 UTC
Last seen: 2025-12-26 20:45:38 UTC
Sightings: 5
imphash: n/a
ssdeep: 768:m44WYyBu2oSC+jWYK8/gnxaE1omhmBx1C7WkPVgf9gJYfOtS3a1s+vP/AIGD:m44qBNK8/gnc5mQBzC7WJbL3a9Y5
TLSH: n/a
telfhash: n/a
gimphash: n/a
dhash icon: n/a

Tasks


There are 5 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information


Task ID:d5b28bff-e29b-11f0-9df4-42010aa4000b
File name:f271296e8bc49b4471960e07930ce0e1c4e78b4af4e89d03b83e129db6f36e28.elf
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature:Sanesecurity.Malware.32133.LX.BOT.UNOFFICIAL
Signature:Unix.Trojan.Mirai-9858729-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:ELF_Toriilike_persist
Author:4r4
Description:Detects Torii IoT Botnet (stealthier Mirai alternative)
Reference:Identified via researched data
TLP:TLP:WHITE
Repository:YARAify

Rule name:unixredflags3
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags
TLP:TLP:WHITE
Repository:MalwareBazaar

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.

Task Information


Task ID:c09aedc1-e29b-11f0-9df4-42010aa4000b
File name:f271296e8bc49b4471960e07930ce0e1c4e78b4af4e89d03b83e129db6f36e28
Task parameters:ClamAV scan:True
Unpack:True
Share file:True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature:Sanesecurity.Malware.32133.LX.BOT.UNOFFICIAL
Signature:Unix.Trojan.Mirai-9858729-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:ELF_Toriilike_persist
Author:4r4
Description:Detects Torii IoT Botnet (stealthier Mirai alternative)
Reference:Identified via unique string 'npxXoudifFeEgGaACScs'
TLP:TLP:WHITE
Repository:YARAify

Rule name:unixredflags3
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags
TLP:TLP:WHITE
Repository:MalwareBazaar

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.

Task Information


Task ID:9d3d0247-e29b-11f0-9df4-42010aa4000b
File name:f271296e8bc49b4471960e07930ce0e1c4e78b4af4e89d03b83e129db6f36e28
Task parameters:ClamAV scan:True
Unpack:True
Share file:True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature:Sanesecurity.Malware.32133.LX.BOT.UNOFFICIAL
Signature:Unix.Trojan.Mirai-9858729-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:ELF_Toriilike_persist
Author:4r4
Description:Detects Torii IoT Botnet (stealthier Mirai alternative)
Reference:Identified via unique string 'npxXoudifFeEgGaACScs'
TLP:TLP:WHITE
Repository:YARAify

Rule name:unixredflags3
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags
TLP:TLP:WHITE
Repository:MalwareBazaar

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.

Task Information


Task ID:7a1070e1-e29b-11f0-9df4-42010aa4000b
File name:f271296e8bc49b4471960e07930ce0e1c4e78b4af4e89d03b83e129db6f36e28
Task parameters:ClamAV scan:True
Unpack:True
Share file:True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature:Sanesecurity.Malware.32133.LX.BOT.UNOFFICIAL
Signature:Unix.Trojan.Mirai-9858729-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:ELF_Toriilike_persist
Author:4r4
Description:Detects Torii IoT Botnet (stealthier Mirai alternative)
Reference:Identified via unique string 'npxXoudifFeEgGaACScs'
TLP:TLP:WHITE
Repository:YARAify

Rule name:unixredflags3
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags
TLP:TLP:WHITE
Repository:MalwareBazaar

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.

Task Information


Task ID:570ec71e-e29b-11f0-9df4-42010aa4000b
File name:f271296e8bc49b4471960e07930ce0e1c4e78b4af4e89d03b83e129db6f36e28
Task parameters:ClamAV scan:True
Unpack:True
Share file:True

ClamAV Results


The file matched the following open source and commercial ClamAV rules.

Signature:Sanesecurity.Malware.32133.LX.BOT.UNOFFICIAL
Signature:Unix.Trojan.Mirai-9858729-0

YARA Results


Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:ELF_Toriilike_persist
Author:4r4
Description:Detects Torii IoT Botnet (stealthier Mirai alternative)
Reference:Identified via unique string 'npxXoudifFeEgGaACScs'
TLP:TLP:WHITE
Repository:YARAify

Rule name:unixredflags3
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags
TLP:TLP:WHITE
Repository:MalwareBazaar

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files


The following files could be unpacked from this sample.