Malware.Win64.CobaltStrike.cld
Cobalt Strike is a paid penetration testing tool used by security professionals to deploy an agent called 'Beacon' on a target system. Beacon provides various functionalities to the operator, including command execution, keylogging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning, and lateral movement. Beacon operates in-memory and is file-less, loading itself into a process's memory after exploiting vulnerabilities or executing a shellcode loader, avoiding disk storage. It supports communication and staging over multiple protocols, including HTTP, HTTPS, DNS, SMB named pipes, and both forward and reverse TCP connections, with the capability for daisy-chaining. Additionally, Cobalt Strike includes the Artifact Kit, a toolkit for creating shellcode loaders.
Checked | 2023-09-10 20:54:19 |
MD5 | cfab3bce973877f871fab477ff738d16 |
SHA1 | a2da7b8735e580824355fcee61705edcfc5b7f65 |
SHA256 | c72d1b903c65ebef5b20ee6e70eb3a46c49c72c74232fc66a62add763b061245 |
SHA512 | ff3064bd5bb52d079c75d9d90944360eb11bbd035093eee268dd9df4ffc508df2c0c99daca612a511b69ed1aeb5498c773d749d80069064abc9bbc0ec4cddfde |
Imphash | 9ac54dbf0e879da3dc3691bd7af5d6bf |
File Size | 310784 bytes |