YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 04b678c432faa97ffc08295ab79b08b5112e05e710d33d9452f229d905a6f3bb.

SHA256 hash:	04b678c432faa97ffc08295ab79b08b5112e05e710d33d9452f229d905a6f3bb
File size:	4'230 bytes
File download:	Original
MIME type:	text/x-shellscript
MD5 hash:	e572bd38325694ca8f6cbf04d9a39718
SHA1 hash:	0af993e3d02564ef074b9753d62abf04ac45a2dd
SHA3-384 hash:	822acd6ec8a754f583832570698886b7c86a045668fca53638dfaa24db265868e7997e24eda7528859572c602e5e93f4
First seen:	2025-12-30 21:20:18 UTC
Last seen:	Never
Sightings:	1
imphash :	n/a
ssdeep :	48:vIULU+3lUEUWEUcUbUdUGUJUuUiUBURUnn:vIULUeUEUWEUcUbUdUGUJUuUiUBURUnn
TLSH :	n/a
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

Signature:	Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL Create hunting rule

Signature:	SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL Create hunting rule

Signature:	SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL Create hunting rule

The following YARA rules matched on the file (static analysis).

Rule name:	Linux_Shellscript_Downloader Create hunting rule
Author:	albertzsigovits
Description:	Generic Approach to Shellscript downloaders
TLP:	TLP:WHITE

Rule name:	MAL_Linux_IoT_MultiArch_BotnetLoader_Generic Create hunting rule
Author:	Anish Bogati
Description:	Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:	MalwareBazaar sample lilin.sh
TLP:	TLP:WHITE
Repository:	YARAify

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2025-12-30 21:20:18 UTC Static: 2 Unpacker: 0 ClamAV: 3