FateInjector.exe Trojan CobaltStrike Analysis

Trojan CobaltStrike
Updated on 2024-06-15 (1 month ago)
Checked by Online Virus Scanner
Online Virus Checkerv.1.0.179.174
DB Version:2024-06-15 19:00:19

Trojan.Win64.CobaltStrike.tr

Cobalt Strike is a paid penetration testing tool used by security professionals to deploy an agent called 'Beacon' on a target system. Beacon provides various functionalities to the operator, including command execution, keylogging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning, and lateral movement. Beacon operates in-memory and is file-less, loading itself into a process's memory after exploiting vulnerabilities or executing a shellcode loader, avoiding disk storage. It supports communication and staging over multiple protocols, including HTTP, HTTPS, DNS, SMB named pipes, and both forward and reverse TCP connections, with the capability for daisy-chaining. Additionally, Cobalt Strike includes the Artifact Kit, a toolkit for creating shellcode loaders.

FileFateInjector.exe
Checked2024-06-15 17:04:39
MD59e6de7c7ebd1a00c2f7ddec78ba9403a
SHA165a9e65bf9b2b683ed93ac9848df8b5c9f3d4297
SHA25677a84c4ed29551d8968a9bc5de796d6f8463fa54df8554b3cff91ca83d8ff70d
SHA512f2dac6efaf4fa6c32b14a45bfa60813b67eb3a46e9a7342d13c1ba3bea3e0a188a5703d34c5fc65d20baae751c334474a9b51d7862d4c74fb60007dd8ce4adc9
Imphash7872442659d25a99d4c81847d3fcd592
File Size3907584 bytes

Trojan.Win64.CobaltStrike.tr Removal

Trojan.Win64.CobaltStrike.tr Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win64.CobaltStrike.tr without requiring further user intervention.

  • Start by downloading Gridinsoft Anti-Malware to your computer.
  • Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  • Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  • Click on the "Standard Scan" button.
  • After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  • If prompted, restart your system to complete the removal process.

Portable Executable Info

259972dbbcc21e50f60b08ad42f67873
4480d75e209464d5fed70a39caf90bef
6169d96969995919
Image Base:0x140000000
Entry Point:0x14023be1c
Compilation:2021-01-12 16:40:03
Checksum:0x00000000 (Actual: 0x003c4930)
OS Version:6.0
PDB Path:C:\Users\Fligger\Source\Repos\FateInjector\x64\Release\FateInjector.pdb
PEiD:PE32+ executable (GUI) x86-64, for MS Windows
Sign:The PE file does not contain a certificate table.
Sections:6
Imports: KERNEL32, ADVAPI32, COMCTL32, RPCRT4, UxTheme, MSVCP140, MSIMG32, SHLWAPI, VCRUNTIME140_1, VCRUNTIME140, api-ms-win-crt-stdio-l1-1-0, api-ms-win-crt-runtime-l1-1-0, api-ms-win-crt-heap-l1-1-0, api-ms-win-crt-convert-l1-1-0, api-ms-win-crt-filesystem-l1-1-0, api-ms-win-crt-string-l1-1-0, api-ms-win-crt-time-l1-1-0, api-ms-win-crt-utility-l1-1-0, api-ms-win-crt-locale-l1-1-0, api-ms-win-crt-environment-l1-1-0, api-ms-win-crt-math-l1-1-0, USER32, GDI32, WINSPOOL, COMDLG32, SHELL32, ole32,
Exports: 0
Resources:3

Sections

Name Virtual Address Virtual Size Raw Size MD5 Entropy
.text 0x00001000 0x002775a5 0x00277600 60776be3e93fc0446be1014b6ea82e37 6.44
.rdata 0x00279000 0x00101622 0x00101800 06c9a557628dc54178329e46d4f9fe87 5.50
.data 0x0037b000 0x00043520 0x00014a00 50ac0731d4327262bc76ed44b0190f3c 4.93
.pdata 0x003bf000 0x0001941c 0x00019600 6016041804bdd8b4b573df7285865101 6.14
.rsrc 0x003d9000 0x00001d80 0x00001e00 086250002c1d75e8ab18beb19efb8ff7 2.75
.reloc 0x003db000 0x00010f7c 0x00011000 9057eac98e77eb74ed0cb654640dcf31 5.45

Leave a comment*

Share your thoughts or insights about this file. Do you align with our conclusion?

*Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Please Wait...

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Gridinsoft Anti-Malware