YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 2a7d54ba6881ca897caf76b028e5d7dbfd4720d8f440fbd91528c54a4e31a032.
Scan Results
| SHA256 hash: | 2a7d54ba6881ca897caf76b028e5d7dbfd4720d8f440fbd91528c54a4e31a032 | |
|---|---|---|
| File size: | 176'523 bytes | |
| File download: | Original | |
| MIME type: | application/x-executable | |
| MD5 hash: | 83fd531c097ed59ddd22b00dd433c43b | |
| SHA1 hash: | 95b1c48010cae89ef3642094885b21f43ff96eb7 | |
| SHA3-384 hash: | 3f0880d46fd3dce7821f0a76c7fb15ae1a2dc2523a09dbf89547f5d0d179059515683ba123f295d608badb9b9556d2e3 | |
| First seen: | 2026-05-18 07:38:45 UTC | |
| Last seen: | Never | |
| Sightings: | 1 | |
| imphash : | n/a | |
| ssdeep : | 3072:lBPR0atTo8saehF/h9XRpgBcAwjCK9RUdqPyoWAM/9ukDm1M:lBGCPsaehF/h9hpwp6CcR0qPyodM/9uQ | |
| TLSH : | n/a | |
| telfhash : | t13c31fe31573151196ab1d954edec97b2152a87132349ee33df36c8dc181a09be93ec0f | |
| gimphash : | n/a | |
| dhash icon : | n/a | |
Tasks
There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | 99cecfa8-528c-11f1-badc-42010aa4000b | |
|---|---|---|
| File name: | 2a7d54ba6881ca897caf76b028e5d7dbfd4720d8f440fbd91528c54a4e31a032.elf | |
| Task parameters: | ClamAV scan: | True |
| Unpack: | False | |
| Share file: | True | |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature: | Sanesecurity.Malware.30435.LC.UNOFFICIAL |
|---|
| Signature: | Unix.Dropper.Mirai-10007027-0 |
|---|
| Signature: | Unix.Dropper.Mirai-7135897-0 |
|---|
| Signature: | Unix.Dropper.Mirai-7135901-0 |
|---|
| Signature: | Unix.Dropper.Mirai-7135909-0 |
|---|
| Signature: | Unix.Dropper.Mirai-7135918-0 |
|---|
| Signature: | Unix.Dropper.Mirai-7135925-0 |
|---|
| Signature: | Unix.Dropper.Mirai-7135954-0 |
|---|
| Signature: | Unix.Dropper.Mirai-7136016-0 |
|---|
| Signature: | Unix.Dropper.Mirai-7136028-0 |
|---|
| Signature: | Unix.Trojan.Mirai-10009361-0 |
|---|
| Signature: | Unix.Trojan.Mirai-10059006-0 |
|---|
| Signature: | Unix.Trojan.Mirai-10059216-0 |
|---|
| Signature: | Unix.Trojan.Mirai-7100807-0 |
|---|
| Signature: | Unix.Trojan.Mirai-7135916-0 |
|---|
| Signature: | Unix.Trojan.Mirai-8025795-0 |
|---|
| Signature: | Unix.Trojan.Mirai-9441505-0 |
|---|
| Signature: | Unix.Trojan.Mirai-9760303-0 |
|---|
| Signature: | YARA.SIGNATURE_BASE_MAL_ARM_LNX_Mirai_Mar13_2022.UNOFFICIAL |
|---|
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name: | CP_Script_Inject_Detector |
|---|---|
| Author: | DiegoAnalytics |
| Description: | Detects attempts to inject code into another process across PE, ELF, Mach-O binaries |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | ELF_Mirai |
|---|---|
| Author: | NDA0E |
| Description: | Detects multiple Mirai variants |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | ELF_Toriilike_persist |
|---|---|
| Author: | 4r4 |
| Description: | Detects Torii IoT Botnet (stealthier Mirai alternative) |
| Reference: | Identified via researched data |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | linux_generic_ipv6_catcher |
|---|---|
| Author: | @_lubiedo |
| Description: | ELF samples using IPv6 addresses |
| TLP: | TLP:WHITE |
| Repository: | Stratosphere |
| Rule name: | Linux_Generic_Threat_8299c877 |
|---|---|
| Author: | Elastic Security |
| TLP: | TLP:WHITE |
| Repository: | elastic |
| Rule name: | MAL_ARM_LNX_Mirai_Mar13_2022 |
|---|---|
| Author: | Mehmet Ali Kerimoglu a.k.a. CYB3RMX |
| Description: | Detects new ARM Mirai variant |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | classified |
|---|---|
| TLP : | TLP:AMBER |
| Rule name: | setsockopt |
|---|---|
| Author: | Tim Brown @timb_machine |
| Description: | Hunts for setsockopt() red flags |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
| Rule name: | SUSP_XORed_Mozilla_Oct19 |
|---|---|
| Author: | Florian Roth |
| Description: | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. |
| Reference: | https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force() |
| TLP: | TLP:WHITE |
| Repository: | Neo23x0 |
| Rule name: | SUSP_XORed_Mozilla_RID2DB4 |
|---|---|
| Author: | Florian Roth |
| Description: | Detects suspicious XORed keyword - Mozilla/5.0 |
| Reference: | Internal Research |
| TLP: | TLP:WHITE |
| Rule name: | TH_Generic_MassHunt_Linux_Malware_2026_CYFARE |
|---|---|
| Author: | CYFARE |
| Description: | Generic Linux malware mass-hunt rule - 2026 |
| Reference: | https://cyfare.net/ |
| TLP: | TLP:WHITE |
| Repository: | YARAify |
| Rule name: | unixredflags3 |
|---|---|
| Author: | Tim Brown @timb_machine |
| Description: | Hunts for UNIX red flags |
| TLP: | TLP:WHITE |
| Repository: | MalwareBazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter