Gridinsoft Logo

8618ac68a6f030225cd12dbd1b7bd55a1df84f96950bdaacc2e3f37715ade1ee Trojan CobaltStrike Analysis

Trojan CobaltStrike
Updated on 2023-12-08 (1 year ago)
Checked by Online Virus Scanner
Online Virus Checker v.1.0.151.174
DB Version: 2023-12-08 08:01:00

Trojan.Win64.CobaltStrike.tr

Cobalt Strike is a paid penetration testing tool used by security professionals to deploy an agent called 'Beacon' on a target system. Beacon provides various functionalities to the operator, including command execution, keylogging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning, and lateral movement. Beacon operates in-memory and is file-less, loading itself into a process's memory after exploiting vulnerabilities or executing a shellcode loader, avoiding disk storage. It supports communication and staging over multiple protocols, including HTTP, HTTPS, DNS, SMB named pipes, and both forward and reverse TCP connections, with the capability for daisy-chaining. Additionally, Cobalt Strike includes the Artifact Kit, a toolkit for creating shellcode loaders.

File 8618ac68a6f030225cd12dbd1b7bd55a1df84f96950bdaacc2e3f37715ade1ee
Checked 2023-12-08 06:19:27
MD5 0a3fc1a357b4972a2d3a9031ad623b96
SHA1 1ca9a642e6524164466244179fb6bb909d1b79cb
SHA256 8618ac68a6f030225cd12dbd1b7bd55a1df84f96950bdaacc2e3f37715ade1ee
SHA512 0b222e612cbd776738b3252c9c23b7147ea5efc4eb898fc608e3bd7390b495f48d21b5e342f1e68fca92427b9b041739a10817e107d23cd142ae7b637c4e64f5
Imphash 021c089fee2857f6524093c58ba8e652
File Size 1421824 bytes

Trojan.Win64.CobaltStrike.tr Removal

Trojan.Win64.CobaltStrike.tr Removal

Gridinsoft has the capability to identify and eliminate Trojan.Win64.CobaltStrike.tr without requiring further user intervention.

  • Start by downloading Gridinsoft Anti-Malware to your computer.
  • Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  • Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  • Click on the "Standard Scan" button.
  • After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  • If prompted, restart your system to complete the removal process.

Portable Executable Info

Image Base: 0x140000000
Entry Point: 0x14015e47d
Compilation: 2023-12-08 03:23:48
Checksum: 0x001697a7 (Actual: 0x001697a7)
OS Version: 6.0
PDB Path: C:\Users\Administrator\Downloads\EDR-Bypass-demo-main\chapter4-demo4\x64\Release\ShellcodeFluctuation.pdb
PEiD: PE32+ executable (console) x86-64, for MS Windows
Sign: The PE file does not contain a certificate table.
Sections: 5
Imports: KERNEL32, MSVCP140, VCRUNTIME140_1, VCRUNTIME140, api-ms-win-crt-runtime-l1-1-0, api-ms-win-crt-heap-l1-1-0, api-ms-win-crt-math-l1-1-0, api-ms-win-crt-stdio-l1-1-0, api-ms-win-crt-locale-l1-1-0, IPHLPAPI, msvcrt, PSAPI, USER32, ADVAPI32, SHELL32,
Exports: 0
Resources: 1

Sections

Name Virtual Address Virtual Size Raw Size MD5 Entropy
.text 0x00001000 0x0000e000 0x00005800 72687ad07885af813f2b8dc5bb0428f8 7.97
.sedata 0x0000f000 0x00154000 0x00153e00 231c204bb54c5afe021ca0fed2af0482 7.63
.idata 0x00163000 0x00001000 0x00000600 56439fdaba6637de8158672eb4fbfa73 3.94
.rsrc 0x00164000 0x00001000 0x00000200 fa4045cf2a7bb774762f58444a604378 4.72
.sedata 0x00165000 0x00001000 0x00001000 31a8b5369f62771cc77f3d18339b3272 7.98

Leave a comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Gridinsoft Anti-Malware