YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash a89d6394ebef0874cafa9c14bdad0810555f8dd684f2caabbf4562581a006b70.
Scan Results
| Field | Value |
|---|---|
| SHA256 hash: | a89d6394ebef0874cafa9c14bdad0810555f8dd684f2caabbf4562581a006b70 |
| File size: | 95'110 bytes |
| File download: | Original |
| MIME type: | application/x-executable |
| MD5 hash: | 59103f9c93af8c7ac596eb30103cb545 |
| SHA1 hash: | 4a4f799c07e9c61b8c7c510541efc1dff03e6a85 |
| SHA3-384 hash: | 22f6d2cce24685d2aa7c35abed1b15c06bd6afdd665ad1db24aea9fee6cf1934cdc95a681bd5d739193b7482ba3d140b |
| First seen: | 2025-11-20 07:01:01 UTC |
| Last seen: | 2025-11-20 07:04:02 UTC |
| Sightings: | 5 |
| imphash: | n/a |
| ssdeep: | 1536:0yXDP3ZhUNUPXPKmYQaC/Qdk5cc/z4d7J2cNU5mZ5hGtMdy72PM37K8PN2UrYe:vXj7UNUPX5YQJQdScc7M7JFp5hGCdy7F |
| TLSH: | T1C2934C81A640C6B3D09F0BB9119B5B113533F6BA6A5B9D67F31C2CF0CA07881725AFD9 |
| telfhash: | t19f21f343a1b68a296fb39d645c7c46e116a1a62377407fb0ef1dc1849d37012b43dd8b |
| gimphash: | n/a |
| dhash icon: | n/a |
Tasks
There are 5 tasks on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Field | Value |
|---|---|
| Task ID: | 185ef4c9-c5df-11f0-adeb-42010aa4000b |
| File name: | a89d6394ebef0874cafa9c14bdad0810555f8dd684f2caabbf4562581a006b70 |
| Task parameters: | ClamAV scan: True; Unpack: True; Share file: True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature |
|---|
| Sanesecurity.Malware.29325.LC.Pl.UNOFFICIAL |
| SecuriteInfo.com.Linux.Mirai-81.UNOFFICIAL |
| Unix.Dropper.Mirai-7136029-0 |
| Unix.Dropper.Mirai-7139229-0 |
| Unix.Trojan.Gafgyt-9809564-0 |
| Unix.Trojan.Mirai-9853183-0 |
| Unix.Trojan.Mirai-9864781-0 |
| Unix.Trojan.Mirai-9907057-0 |
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name | Author | Description | TLP | Repository |
|---|---|---|---|---|
| CP_Script_Inject_Detector | DiegoAnalytics | Detects attempts to inject code into another process across PE, ELF, Mach-O binaries | TLP:WHITE | YARAify |
| elf_bashlite_auto | Felix Bilstein - yara-signator at cocacoding dot com | Detects elf.bashlite. | TLP:WHITE | Malpedia |
| Linux_Gafgyt_Generic | albertzsigovits | Generic Approach to Mirai/Gafgyt samples | TLP:WHITE | |
| linux_generic_ipv6_catcher | @_lubiedo | ELF samples using IPv6 addresses | TLP:WHITE | Stratosphere |
| Linux_Trojan_Gafgyt_28a2fe0c | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_5bf62ce4 | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_6122acdf | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_7167d08f | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_750fe002 | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_c573932b | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Mirai_389ee3e9 | Elastic Security | | TLP:WHITE | elastic |
| Mal_LNX_Gafgyt_Botnet_ELF | Phatcharadol Thangplub | Used to detect Gafgyt botnet and their variants. | TLP:WHITE | YARAify |
| NET | malware-lu | | TLP:WHITE | |
| classified | | | TLP:AMBER | |
| setsockopt | Tim Brown @timb_machine | Hunts for setsockopt() red flags | TLP:WHITE | MalwareBazaar |
| unixredflags3 | Tim Brown @timb_machine | Hunts for UNIX red flags | TLP:WHITE | MalwareBazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Field | Value |
|---|---|
| Task ID: | f4d3a8e1-c5de-11f0-adeb-42010aa4000b |
| File name: | a89d6394ebef0874cafa9c14bdad0810555f8dd684f2caabbf4562581a006b70 |
| Task parameters: | ClamAV scan: True; Unpack: True; Share file: True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature |
|---|
| Sanesecurity.Malware.29325.LC.Pl.UNOFFICIAL |
| SecuriteInfo.com.Linux.Mirai-81.UNOFFICIAL |
| Unix.Dropper.Mirai-7136029-0 |
| Unix.Dropper.Mirai-7139229-0 |
| Unix.Trojan.Gafgyt-9809564-0 |
| Unix.Trojan.Mirai-9853183-0 |
| Unix.Trojan.Mirai-9864781-0 |
| Unix.Trojan.Mirai-9907057-0 |
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name | Author | Description | TLP | Repository |
|---|---|---|---|---|
| CP_Script_Inject_Detector | DiegoAnalytics | Detects attempts to inject code into another process across PE, ELF, Mach-O binaries | TLP:WHITE | YARAify |
| elf_bashlite_auto | Felix Bilstein - yara-signator at cocacoding dot com | Detects elf.bashlite. | TLP:WHITE | Malpedia |
| Linux_Gafgyt_Generic | albertzsigovits | Generic Approach to Mirai/Gafgyt samples | TLP:WHITE | |
| linux_generic_ipv6_catcher | @_lubiedo | ELF samples using IPv6 addresses | TLP:WHITE | Stratosphere |
| Linux_Trojan_Gafgyt_28a2fe0c | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_5bf62ce4 | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_6122acdf | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_7167d08f | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_750fe002 | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_c573932b | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Mirai_389ee3e9 | Elastic Security | | TLP:WHITE | elastic |
| Mal_LNX_Gafgyt_Botnet_ELF | Phatcharadol Thangplub | Used to detect Gafgyt botnet and their variants. | TLP:WHITE | YARAify |
| NET | malware-lu | | TLP:WHITE | |
| classified | | | TLP:AMBER | |
| setsockopt | Tim Brown @timb_machine | Hunts for setsockopt() red flags | TLP:WHITE | MalwareBazaar |
| unixredflags3 | Tim Brown @timb_machine | Hunts for UNIX red flags | TLP:WHITE | MalwareBazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Field | Value |
|---|---|
| Task ID: | e2998851-c5de-11f0-adeb-42010aa4000b |
| File name: | a89d6394ebef0874cafa9c14bdad0810555f8dd684f2caabbf4562581a006b70.elf |
| Task parameters: | ClamAV scan: True; Unpack: False; Share file: True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature |
|---|
| Sanesecurity.Malware.29325.LC.Pl.UNOFFICIAL |
| SecuriteInfo.com.Linux.Mirai-81.UNOFFICIAL |
| Unix.Dropper.Mirai-7136029-0 |
| Unix.Dropper.Mirai-7139229-0 |
| Unix.Trojan.Gafgyt-9809564-0 |
| Unix.Trojan.Mirai-9853183-0 |
| Unix.Trojan.Mirai-9864781-0 |
| Unix.Trojan.Mirai-9907057-0 |
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name | Author | Description | TLP | Repository |
|---|---|---|---|---|
| CP_Script_Inject_Detector | DiegoAnalytics | Detects attempts to inject code into another process across PE, ELF, Mach-O binaries | TLP:WHITE | YARAify |
| elf_bashlite_auto | Felix Bilstein - yara-signator at cocacoding dot com | Detects elf.bashlite. | TLP:WHITE | Malpedia |
| Linux_Gafgyt_Generic | albertzsigovits | Generic Approach to Mirai/Gafgyt samples | TLP:WHITE | |
| linux_generic_ipv6_catcher | @_lubiedo | ELF samples using IPv6 addresses | TLP:WHITE | Stratosphere |
| Linux_Trojan_Gafgyt_28a2fe0c | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_5bf62ce4 | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_6122acdf | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_7167d08f | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_750fe002 | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_c573932b | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Mirai_389ee3e9 | Elastic Security | | TLP:WHITE | elastic |
| Mal_LNX_Gafgyt_Botnet_ELF | Phatcharadol Thangplub | Used to detect Gafgyt botnet and their variants. | TLP:WHITE | YARAify |
| maldoc_getEIP_method_1 | Didier Stevens (https://DidierStevens.com) | | TLP:WHITE | |
| meth_get_eip | Willi Ballenthin | | TLP:WHITE | YARAify |
| NET | malware-lu | | TLP:WHITE | |
| Qbot_Gafgyt_Bashlite | | | TLP:WHITE | YARAify |
| classified | | | TLP:AMBER | |
| setsockopt | Tim Brown @timb_machine | Hunts for setsockopt() red flags | TLP:WHITE | MalwareBazaar |
| unixredflags3 | Tim Brown @timb_machine | Hunts for UNIX red flags | TLP:WHITE | MalwareBazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Field | Value |
|---|---|
| Task ID: | d0ff2603-c5de-11f0-adeb-42010aa4000b |
| File name: | a89d6394ebef0874cafa9c14bdad0810555f8dd684f2caabbf4562581a006b70 |
| Task parameters: | ClamAV scan: True; Unpack: True; Share file: True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature |
|---|
| Sanesecurity.Malware.29325.LC.Pl.UNOFFICIAL |
| SecuriteInfo.com.Linux.Mirai-81.UNOFFICIAL |
| Unix.Dropper.Mirai-7136029-0 |
| Unix.Dropper.Mirai-7139229-0 |
| Unix.Trojan.Gafgyt-9809564-0 |
| Unix.Trojan.Mirai-9853183-0 |
| Unix.Trojan.Mirai-9864781-0 |
| Unix.Trojan.Mirai-9907057-0 |
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name | Author | Description | TLP | Repository |
|---|---|---|---|---|
| CP_Script_Inject_Detector | DiegoAnalytics | Detects attempts to inject code into another process across PE, ELF, Mach-O binaries | TLP:WHITE | YARAify |
| elf_bashlite_auto | Felix Bilstein - yara-signator at cocacoding dot com | Detects elf.bashlite. | TLP:WHITE | Malpedia |
| Linux_Gafgyt_Generic | albertzsigovits | Generic Approach to Mirai/Gafgyt samples | TLP:WHITE | |
| linux_generic_ipv6_catcher | @_lubiedo | ELF samples using IPv6 addresses | TLP:WHITE | Stratosphere |
| Linux_Trojan_Gafgyt_28a2fe0c | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_5bf62ce4 | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_6122acdf | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_7167d08f | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_750fe002 | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_c573932b | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Mirai_389ee3e9 | Elastic Security | | TLP:WHITE | elastic |
| Mal_LNX_Gafgyt_Botnet_ELF | Phatcharadol Thangplub | Used to detect Gafgyt botnet and their variants. | TLP:WHITE | YARAify |
| NET | malware-lu | | TLP:WHITE | |
| classified | | | TLP:AMBER | |
| setsockopt | Tim Brown @timb_machine | Hunts for setsockopt() red flags | TLP:WHITE | MalwareBazaar |
| unixredflags3 | Tim Brown @timb_machine | Hunts for UNIX red flags | TLP:WHITE | MalwareBazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.
Task Information
| Field | Value |
|---|---|
| Task ID: | ac8e150d-c5de-11f0-adeb-42010aa4000b |
| File name: | a89d6394ebef0874cafa9c14bdad0810555f8dd684f2caabbf4562581a006b70 |
| Task parameters: | ClamAV scan: True; Unpack: True; Share file: True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature |
|---|
| Sanesecurity.Malware.29325.LC.Pl.UNOFFICIAL |
| SecuriteInfo.com.Linux.Mirai-81.UNOFFICIAL |
| Unix.Dropper.Mirai-7136029-0 |
| Unix.Dropper.Mirai-7139229-0 |
| Unix.Trojan.Gafgyt-9809564-0 |
| Unix.Trojan.Mirai-9853183-0 |
| Unix.Trojan.Mirai-9864781-0 |
| Unix.Trojan.Mirai-9907057-0 |
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name | Author | Description | TLP | Repository |
|---|---|---|---|---|
| CP_Script_Inject_Detector | DiegoAnalytics | Detects attempts to inject code into another process across PE, ELF, Mach-O binaries | TLP:WHITE | YARAify |
| elf_bashlite_auto | Felix Bilstein - yara-signator at cocacoding dot com | Detects elf.bashlite. | TLP:WHITE | Malpedia |
| Linux_Gafgyt_Generic | albertzsigovits | Generic Approach to Mirai/Gafgyt samples | TLP:WHITE | |
| linux_generic_ipv6_catcher | @_lubiedo | ELF samples using IPv6 addresses | TLP:WHITE | Stratosphere |
| Linux_Trojan_Gafgyt_28a2fe0c | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_5bf62ce4 | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_6122acdf | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_7167d08f | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_750fe002 | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Gafgyt_c573932b | Elastic Security | | TLP:WHITE | elastic |
| Linux_Trojan_Mirai_389ee3e9 | Elastic Security | | TLP:WHITE | elastic |
| Mal_LNX_Gafgyt_Botnet_ELF | Phatcharadol Thangplub | Used to detect Gafgyt botnet and their variants. | TLP:WHITE | YARAify |
| NET | malware-lu | | TLP:WHITE | |
| classified | | | TLP:AMBER | |
| setsockopt | Tim Brown @timb_machine | Hunts for setsockopt() red flags | TLP:WHITE | MalwareBazaar |
| unixredflags3 | Tim Brown @timb_machine | Hunts for UNIX red flags | TLP:WHITE | MalwareBazaar |
Unpacker
The following YARA rules matched on the unpacked file.
Unpacked Files
The following files could be unpacked from this sample.