YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash beebbca34f024fe8f9ba618702b554dba77beee8c0bf37248039232d69da8d30.

Scan Results

SHA256 hash:	beebbca34f024fe8f9ba618702b554dba77beee8c0bf37248039232d69da8d30
File size:	55'892 bytes
File download:	Original
MIME type:	application/x-executable
MD5 hash:	10e2c1c216a71d4f558a741882870707
SHA1 hash:	f9c51574874110327fa0a42e0f362baeb1934b1c
SHA3-384 hash:	0c467ddb5256a85b1710d98ba7d81d772ab992e16e580671f2a921ef110b6f172ee0e582a4b44fec8854fec75782e506
First seen:	2026-05-18 07:40:43 UTC
Last seen:	Never
Sightings:	1
imphash :	n/a
ssdeep :	768:Ecys8ng4d08tmpydYQoyZEFM8fB958jdS8kIf4ubnJ2oN8RR43rMnBN3TWnlKmz:E7nZd04CW75EFMg8FfRbnJko7G
TLSH :	n/a
telfhash :	t187e06140fe764b1844e75634ecdd07b49511211761664710cf54daf0883f118a31cd5e Create hunting rule
gimphash :	n/a
dhash icon :	n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:	e04d39f6-528c-11f1-badc-42010aa4000b
File name:	beebbca34f024fe8f9ba618702b554dba77beee8c0bf37248039232d69da8d30.elf
Task parameters:	ClamAV scan:	True
	Unpack:	False
	Share file:	True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:	Sanesecurity.Malware.30435.LC.UNOFFICIAL Create hunting rule

Signature:	Unix.Dropper.Mirai-10007027-0 Create hunting rule

Signature:	Unix.Dropper.Mirai-7135897-0 Create hunting rule

Signature:	Unix.Dropper.Mirai-7135901-0 Create hunting rule

Signature:	Unix.Dropper.Mirai-7135909-0 Create hunting rule

Signature:	Unix.Dropper.Mirai-7135918-0 Create hunting rule

Signature:	Unix.Dropper.Mirai-7135954-0 Create hunting rule

Signature:	Unix.Dropper.Mirai-7136016-0 Create hunting rule

Signature:	Unix.Dropper.Mirai-7136028-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-10009361-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-10059006-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-10059216-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-7100807-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-7135916-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-8025795-0 Create hunting rule

Signature:	Unix.Trojan.Mirai-9441505-0 Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:	ELF_Mirai Create hunting rule
Author:	NDA0E
Description:	Detects multiple Mirai variants
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	linux_generic_ipv6_catcher Create hunting rule
Author:	@_lubiedo
Description:	ELF samples using IPv6 addresses
TLP:	TLP:WHITE
Repository:	Stratosphere

Rule name:	classified
TLP :	TLP:AMBER

Rule name:	setsockopt Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Hunts for setsockopt() red flags
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	SUSP_XORed_Mozilla_Oct19 Create hunting rule
Author:	Florian Roth
Description:	Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key.
Reference:	https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()
TLP:	TLP:WHITE
Repository:	Neo23x0

Rule name:	SUSP_XORed_Mozilla_RID2DB4 Create hunting rule
Author:	Florian Roth
Description:	Detects suspicious XORed keyword - Mozilla/5.0
Reference:	Internal Research
TLP:	TLP:WHITE

Rule name:	TH_Generic_MassHunt_Linux_Malware_2026_CYFARE Create hunting rule
Author:	CYFARE
Description:	Generic Linux malware mass-hunt rule - 2026
Reference:	https://cyfare.net/
TLP:	TLP:WHITE
Repository:	YARAify

Rule name:	unixredflags3 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Hunts for UNIX red flags
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Unpacker

The following YARA rules matched on the unpacked file.

Disabled by submitter

Unpacked Files

The following files could be unpacked from this sample.