YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 4641db7fcc6016646eabbec769d67a4d52eb3c2803272045ba9aeb10d83878dc.

Scan Results

SHA256 hash:	4641db7fcc6016646eabbec769d67a4d52eb3c2803272045ba9aeb10d83878dc
File size:	208'116 bytes
File download:	Original
MIME type:	application/x-executable
MD5 hash:	073349fbecfd8384d834e2a6039f5319
SHA1 hash:	0c5a4a7bd67a6efb7f0bc6ab27c4bd7c0899446b
SHA3-384 hash:	9ff1a95dafea6849f3506636067d50f44c6ed1dbdd8a8b6f9b3e4192920a45e9f3ccfc707f2a83022e6f0c03952469a9
First seen:	2026-03-13 19:19:02 UTC
Last seen:	2026-03-13 19:22:02 UTC
Sightings:	5
imphash :	n/a
ssdeep :	3072:CVaQY6iDYe6g9sZW2ViQ676iw/3PJr+9e50Z8hKVxnh:CVaQYHbpac6T35+9eiISnh
TLSH :	n/a
telfhash :	t1d341b2180d7813e0a7255c4d09adff76d6a321ea7f162d338e61e85aeb69b834d10c0c Create hunting rule
gimphash :	n/a
dhash icon :	n/a

Tasks

There are 5 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:	e9c8fbc5-1f11-11f1-b47f-42010aa4000b
File name:	4641db7fcc6016646eabbec769d67a4d52eb3c2803272045ba9aeb10d83878dc
Task parameters:	ClamAV scan:	True
	Unpack:	True
	Share file:	True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:	Sanesecurity.Malware.28886.LC.UNOFFICIAL Create hunting rule

Signature:	Sanesecurity.Malware.29325.LC.Pl.UNOFFICIAL Create hunting rule

Signature:	Sanesecurity.Malware.32133.LX.BOT.UNOFFICIAL Create hunting rule

Signature:	SecuriteInfo.com.Linux.Mirai-81.UNOFFICIAL Create hunting rule

Signature:	Unix.Dropper.Mirai-10007027-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-10009361-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-10011027-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-10011918-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-8041698-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-9441505-0 Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:	ELF_IoT_Persistence_Hunt Create hunting rule
Author:	4r4
Description:	Hunts for ELF files with persistence and download capabilities
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	ELF_Mirai Create hunting rule
Author:	NDA0E
Description:	Detects multiple Mirai variants
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	ELF_Toriilike_persist Create hunting rule
Author:	4r4
Description:	Detects Torii IoT Botnet (stealthier Mirai alternative)
Reference:	Identified via researched data
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	linux_generic_ipv6_catcher Create hunting rule
Author:	@_lubiedo
Description:	ELF samples using IPv6 addresses
TLP:	TLP:WHITE
Repository:	Stratosphere

Rule name:	Linux_Trojan_Gafgyt_28a2fe0c Create hunting rule
Author:	Elastic Security
TLP:	TLP:WHITE
Repository:	elastic

Rule name:	classified
TLP :	TLP:AMBER

Rule name:	unixredflags3 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Hunts for UNIX red flags
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Unpacker

The following YARA rules matched on the unpacked file.

No matches

Unpacked Files

The following files could be unpacked from this sample.

No unpacked files found

Task Information

Task ID:	c5fb0565-1f11-11f1-b47f-42010aa4000b
File name:	4641db7fcc6016646eabbec769d67a4d52eb3c2803272045ba9aeb10d83878dc
Task parameters:	ClamAV scan:	True
	Unpack:	True
	Share file:	True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:	Sanesecurity.Malware.28886.LC.UNOFFICIAL Create hunting rule

Signature:	Sanesecurity.Malware.29325.LC.Pl.UNOFFICIAL Create hunting rule

Signature:	Sanesecurity.Malware.32133.LX.BOT.UNOFFICIAL Create hunting rule

Signature:	SecuriteInfo.com.Linux.Mirai-81.UNOFFICIAL Create hunting rule

Signature:	Unix.Dropper.Mirai-10007027-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-10009361-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-10011027-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-10011918-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-8041698-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-9441505-0 Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:	ELF_IoT_Persistence_Hunt Create hunting rule
Author:	4r4
Description:	Hunts for ELF files with persistence and download capabilities
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	ELF_Mirai Create hunting rule
Author:	NDA0E
Description:	Detects multiple Mirai variants
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	ELF_Toriilike_persist Create hunting rule
Author:	4r4
Description:	Detects Torii IoT Botnet (stealthier Mirai alternative)
Reference:	Identified via researched data
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	linux_generic_ipv6_catcher Create hunting rule
Author:	@_lubiedo
Description:	ELF samples using IPv6 addresses
TLP:	TLP:WHITE
Repository:	Stratosphere

Rule name:	Linux_Trojan_Gafgyt_28a2fe0c Create hunting rule
Author:	Elastic Security
TLP:	TLP:WHITE
Repository:	elastic

Rule name:	classified
TLP :	TLP:AMBER

Rule name:	unixredflags3 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Hunts for UNIX red flags
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Unpacker

The following YARA rules matched on the unpacked file.

No matches

Unpacked Files

The following files could be unpacked from this sample.

No unpacked files found

Task Information

Task ID:	abdf19de-1f11-11f1-b47f-42010aa4000b
File name:	4641db7fcc6016646eabbec769d67a4d52eb3c2803272045ba9aeb10d83878dc.elf
Task parameters:	ClamAV scan:	True
	Unpack:	False
	Share file:	True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:	Sanesecurity.Malware.28886.LC.UNOFFICIAL Create hunting rule

Signature:	Sanesecurity.Malware.29325.LC.Pl.UNOFFICIAL Create hunting rule

Signature:	Sanesecurity.Malware.32133.LX.BOT.UNOFFICIAL Create hunting rule

Signature:	SecuriteInfo.com.Linux.Mirai-81.UNOFFICIAL Create hunting rule

Signature:	Unix.Dropper.Mirai-10007027-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-10009361-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-10011027-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-10011918-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-8041698-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-9441505-0 Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:	ELF_IoT_Persistence_Hunt Create hunting rule
Author:	4r4
Description:	Hunts for ELF files with persistence and download capabilities
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	ELF_Mirai Create hunting rule
Author:	NDA0E
Description:	Detects multiple Mirai variants
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	ELF_Toriilike_persist Create hunting rule
Author:	4r4
Description:	Detects Torii IoT Botnet (stealthier Mirai alternative)
Reference:	Identified via researched data
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	linux_generic_ipv6_catcher Create hunting rule
Author:	@_lubiedo
Description:	ELF samples using IPv6 addresses
TLP:	TLP:WHITE
Repository:	Stratosphere

Rule name:	Linux_Trojan_Gafgyt_28a2fe0c Create hunting rule
Author:	Elastic Security
TLP:	TLP:WHITE
Repository:	elastic

Rule name:	classified
TLP :	TLP:AMBER

Rule name:	unixredflags3 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Hunts for UNIX red flags
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Unpacker

The following YARA rules matched on the unpacked file.

Disabled by submitter

Unpacked Files

The following files could be unpacked from this sample.

Disabled by submitter

Task Information

Task ID:	a1d9a552-1f11-11f1-b47f-42010aa4000b
File name:	4641db7fcc6016646eabbec769d67a4d52eb3c2803272045ba9aeb10d83878dc
Task parameters:	ClamAV scan:	True
	Unpack:	True
	Share file:	True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:	Sanesecurity.Malware.28886.LC.UNOFFICIAL Create hunting rule

Signature:	Sanesecurity.Malware.29325.LC.Pl.UNOFFICIAL Create hunting rule

Signature:	Sanesecurity.Malware.32133.LX.BOT.UNOFFICIAL Create hunting rule

Signature:	SecuriteInfo.com.Linux.Mirai-81.UNOFFICIAL Create hunting rule

Signature:	Unix.Dropper.Mirai-10007027-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-10009361-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-10011027-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-10011918-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-8041698-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-9441505-0 Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:	ELF_IoT_Persistence_Hunt Create hunting rule
Author:	4r4
Description:	Hunts for ELF files with persistence and download capabilities
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	ELF_Mirai Create hunting rule
Author:	NDA0E
Description:	Detects multiple Mirai variants
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	ELF_Toriilike_persist Create hunting rule
Author:	4r4
Description:	Detects Torii IoT Botnet (stealthier Mirai alternative)
Reference:	Identified via researched data
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	linux_generic_ipv6_catcher Create hunting rule
Author:	@_lubiedo
Description:	ELF samples using IPv6 addresses
TLP:	TLP:WHITE
Repository:	Stratosphere

Rule name:	Linux_Trojan_Gafgyt_28a2fe0c Create hunting rule
Author:	Elastic Security
TLP:	TLP:WHITE
Repository:	elastic

Rule name:	classified
TLP :	TLP:AMBER

Rule name:	unixredflags3 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Hunts for UNIX red flags
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Unpacker

The following YARA rules matched on the unpacked file.

No matches

Unpacked Files

The following files could be unpacked from this sample.

No unpacked files found

Task Information

Task ID:	7ea0ff00-1f11-11f1-b47f-42010aa4000b
File name:	4641db7fcc6016646eabbec769d67a4d52eb3c2803272045ba9aeb10d83878dc
Task parameters:	ClamAV scan:	True
	Unpack:	True
	Share file:	True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:	Sanesecurity.Malware.28886.LC.UNOFFICIAL Create hunting rule

Signature:	Sanesecurity.Malware.29325.LC.Pl.UNOFFICIAL Create hunting rule

Signature:	Sanesecurity.Malware.32133.LX.BOT.UNOFFICIAL Create hunting rule

Signature:	SecuriteInfo.com.Linux.Mirai-81.UNOFFICIAL Create hunting rule

Signature:	Unix.Dropper.Mirai-10007027-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-10009361-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-10011027-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-10011918-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-8041698-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-9441505-0 Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:	ELF_IoT_Persistence_Hunt Create hunting rule
Author:	4r4
Description:	Hunts for ELF files with persistence and download capabilities
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	ELF_Mirai Create hunting rule
Author:	NDA0E
Description:	Detects multiple Mirai variants
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	ELF_Toriilike_persist Create hunting rule
Author:	4r4
Description:	Detects Torii IoT Botnet (stealthier Mirai alternative)
Reference:	Identified via researched data
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	linux_generic_ipv6_catcher Create hunting rule
Author:	@_lubiedo
Description:	ELF samples using IPv6 addresses
TLP:	TLP:WHITE
Repository:	Stratosphere

Rule name:	Linux_Trojan_Gafgyt_28a2fe0c Create hunting rule
Author:	Elastic Security
TLP:	TLP:WHITE
Repository:	elastic

Rule name:	classified
TLP :	TLP:AMBER

Rule name:	unixredflags3 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Hunts for UNIX red flags
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Unpacker

The following YARA rules matched on the unpacked file.

No matches

Unpacked Files

The following files could be unpacked from this sample.

No unpacked files found

YARAify Scan Results

Scan Results Rescan

Tasks

2026-03-13 19:22:02 UTC Static: 7 Unpacker: 0 ClamAV: 10

Task Information

ClamAV Results

YARA Results

Static Analysis

Unpacker

Unpacked Files

2026-03-13 19:21:02 UTC Static: 7 Unpacker: 0 ClamAV: 10

Task Information

ClamAV Results

YARA Results

Static Analysis

Unpacker

Unpacked Files

2026-03-13 19:20:18 UTC Static: 7 Unpacker: 0 ClamAV: 10

Task Information

ClamAV Results

YARA Results

Static Analysis

Unpacker

Unpacked Files

2026-03-13 19:20:01 UTC Static: 7 Unpacker: 0 ClamAV: 10

Task Information

ClamAV Results

YARA Results

Static Analysis

Unpacker

Unpacked Files

2026-03-13 19:19:02 UTC Static: 7 Unpacker: 0 ClamAV: 10

Task Information

ClamAV Results

YARA Results

Static Analysis

Unpacker

Unpacked Files

Scan Results