File 7347f0b12918ef4e7b6cefdd29f8c6a39fcc8a4b06385f104460583808c2492a.bat

Size 1.3MB
Type DOS batch file, ASCII text, with very long lines (62677), with CRLF line terminators
MD5 d545f3a8ca8b9f11b4bcf941bd874892
SHA1 11cb58f5142dff7d634d991ac2cdf21e0267235f
SHA256 7347f0b12918ef4e7b6cefdd29f8c6a39fcc8a4b06385f104460583808c2492a
SHA512 26a949044f05b2685f678a2ecc4f55d9a7b6c8fed9e6d4644cbe917a3c0bc3391b7c302fb0783a297d60a2e090201f96fe02cc82f276438991eb7aa46cf1a69c
CRC32 09282139
ssdeep None
Yara
  • GEN_PowerShell - Generic PowerShell Malware Rule
  • powershell - (no description)

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Information on Execution

Analysis
Category FILE
Started April 6, 2026, 1:57 p.m.
Completed April 6, 2026, 1:58 p.m.
Duration 33 seconds
Routing internet

Analyzer Log

2026-04-06 13:57:36,003 [root] DEBUG: Starting analyzer from: /tmp/tmpMCLKuE
2026-04-06 13:57:36,003 [root] DEBUG: Storing results at: /tmp/dpMEAEN
2026-04-06 13:57:36,005 [root] ERROR: Traceback (most recent call last):
  File "/tmp/tmpMCLKuE/analyzer.py", line 340, in <module>
    success = analyzer.run()
  File "/tmp/tmpMCLKuE/analyzer.py", line 129, in run
    self.config.file_name, **kwargs)
  File "/tmp/tmpMCLKuE/lib/core/packages.py", line 42, in choose_package_class
    "exist.".format(name))
Exception: Unable to import package "bat": it does not exist.

Cuckoo Log

2026-04-06 13:57:36,903 [cuckoo.core.scheduler] INFO: Task #7510677: acquired machine Ubuntu1904x647 (label=Ubuntu1904x647)
2026-04-06 13:57:36,904 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.107 for task #7510677
2026-04-06 13:57:37,601 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 737363 (interface=vboxnet0, host=192.168.168.107)
2026-04-06 13:57:37,663 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Ubuntu1904x647
2026-04-06 13:57:38,701 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Ubuntu1904x647 to Snapshot
2026-04-06 13:57:47,376 [cuckoo.core.guest] INFO: Starting analysis #7510677 on guest (id=Ubuntu1904x647, ip=192.168.168.107)
2026-04-06 13:57:48,384 [cuckoo.core.guest] DEBUG: Ubuntu1904x647: not ready yet
2026-04-06 13:57:53,413 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=Ubuntu1904x647, ip=192.168.168.107)
2026-04-06 13:57:53,439 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=Ubuntu1904x647, ip=192.168.168.107, monitor=latest, size=73219)
2026-04-06 13:57:53,693 [cuckoo.core.resultserver] DEBUG: Task #7510677: live log analysis.log initialized.
2026-04-06 13:57:56,591 [cuckoo.core.guest] INFO: Ubuntu1904x647: analysis completed successfully
2026-04-06 13:57:56,604 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2026-04-06 13:57:56,634 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2026-04-06 13:57:58,188 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label Ubuntu1904x647 to path /srv/cuckoo/cwd/storage/analyses/7510677/memory.dmp
2026-04-06 13:57:58,190 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm Ubuntu1904x647
2026-04-06 13:58:10,204 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.107 for task #7510677
2026-04-06 13:58:10,531 [cuckoo.core.scheduler] DEBUG: Released database task #7510677
2026-04-06 13:58:10,551 [cuckoo.core.scheduler] INFO: Task #7510677: analysis procedure completed

Signatures

Yara rules detected for file (2 events)
  • GEN_PowerShell - Generic PowerShell Malware Rule
  • powershell - (no description)
File has been identified by 9 AntiVirus engines on IRMA as malicious (9 events)
G Data Antivirus (Windows) Virus: Trojan.GenericKD.79590502 (Engine A)
Avast Core Security (Linux) Other:Malware-gen [Trj]
C4S ClamAV (Linux) C4S.MALWARE.SHA256.AUTOGEN.70808912.UNOFFICIAL
eScan Antivirus (Linux) Trojan.GenericKD.79590502(DB)
ESET Security (Windows) PowerShell/TrojanDropper.Agent.AZQ trojan
DrWeb Antivirus (Linux) BAT.Starter.721
Bitdefender Antivirus (Linux) Trojan.GenericKD.79590502
Kaspersky Standard (Windows) HEUR:Trojan.BAT.Cobalt.gen
Emsisoft Commandline Scanner (Windows) Trojan.GenericKD.79590502 (B)
File has been identified by 26 AntiVirus engines on VirusTotal as malicious (26 events)
Lionic Trojan.Script.Cobalt.4!c
CTX batch.trojan.cobalt
Skyhigh BehavesLike.Backdoor.tq
ALYac Trojan.GenericKD.79590502
VIPRE Trojan.GenericKD.79590502
K7GW Trojan ( 0001140e1 )
K7AntiVirus Trojan ( 0001140e1 )
Arcabit Trojan.Generic.D4BE7466
Symantec Scr.Malcode!gen
ESET-NOD32 PowerShell/TrojanDropper.Agent.AZQ trojan
Avast Other:Malware-gen [Trj]
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan.BAT.Cobalt.gen
BitDefender Trojan.GenericKD.79590502
MicroWorld-eScan Trojan.GenericKD.79590502
Rising Trojan.Cobalt/BAT!9.5ABDA (XSE:WFNFX0JBVDoHVCjR5mBFaYAvPAB5skGt)
Emsisoft Trojan.GenericKD.79590502 (B)
Google Detected
Antiy-AVL Trojan/BAT.Cobalt
Microsoft Trojan:Win32/Egairtigado!rfn
GData Trojan.GenericKD.79590502
Varist BAT/Agent.BKJ
Tencent Bat.Trojan.Cobalt.Lqil
Fortinet BAT/Agent.AZQ!tr
AVG Other:Malware-gen [Trj]
alibabacloud Trojan:Win/Cobalt.gyf
Screenshots
No screenshots available.
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.