Gridinsoft Logo

Malware CobaltStrike Analysis

Malware CobaltStrike
Updated on 2023-09-10 (1 year ago)
Checked by Online Virus Scanner
Online Virus Checker v.1.0.138.174
DB Version: 2023-09-10 23:01:43

Malware.Win64.CobaltStrike.cld

Cobalt Strike is a paid penetration testing tool used by security professionals to deploy an agent called 'Beacon' on a target system. Beacon provides various functionalities to the operator, including command execution, keylogging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning, and lateral movement. Beacon operates in-memory and is file-less, loading itself into a process's memory after exploiting vulnerabilities or executing a shellcode loader, avoiding disk storage. It supports communication and staging over multiple protocols, including HTTP, HTTPS, DNS, SMB named pipes, and both forward and reverse TCP connections, with the capability for daisy-chaining. Additionally, Cobalt Strike includes the Artifact Kit, a toolkit for creating shellcode loaders.

Checked 2023-09-10 20:54:19
MD5 cfab3bce973877f871fab477ff738d16
SHA1 a2da7b8735e580824355fcee61705edcfc5b7f65
SHA256 c72d1b903c65ebef5b20ee6e70eb3a46c49c72c74232fc66a62add763b061245
SHA512 ff3064bd5bb52d079c75d9d90944360eb11bbd035093eee268dd9df4ffc508df2c0c99daca612a511b69ed1aeb5498c773d749d80069064abc9bbc0ec4cddfde
Imphash 9ac54dbf0e879da3dc3691bd7af5d6bf
File Size 310784 bytes

Malware.Win64.CobaltStrike.cld Removal

Malware.Win64.CobaltStrike.cld Removal

Gridinsoft has the capability to identify and eliminate Malware.Win64.CobaltStrike.cld without requiring further user intervention.

  • Start by downloading Gridinsoft Anti-Malware to your computer.
  • Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  • Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  • Click on the "Standard Scan" button.
  • After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  • If prompted, restart your system to complete the removal process.

Portable Executable Info

Image Base: 0x180000000
Entry Point: 0x180001490
Compilation: 2023-09-10 19:22:57
Checksum: 0x00000000 (Actual: 0x0005b3de)
OS Version: 6.0
PDB Path: D:\QUANNVTOOLS\Dev\wevtapi\x64\Release\wevtapi.pdb
PEiD: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Sign: The PE file does not contain a certificate table.
Sections: 6
Imports: KERNEL32, VCRUNTIME140, api-ms-win-crt-runtime-l1-1-0,
Exports: 45
Resources: 1

Sections

Name Virtual Address Virtual Size Raw Size MD5 Entropy
.text 0x00001000 0x00001018 0x00001200 9065a606c9f523b0885b619bae8d4a3d 5.84
.rdata 0x00003000 0x00049f06 0x0004a000 ce64dd2233b56a2e4353fbecfef62852 7.77
.data 0x0004d000 0x00000640 0x00000200 f7be62718ed97c82bb8ff763a650ee8c 0.43
.pdata 0x0004e000 0x000001e0 0x00000200 4e59cb6f97279a69df5505cc6ad29cd4 3.86
.rsrc 0x0004f000 0x000000f8 0x00000200 28aba3e9d8e1d7c770a208195a6afe9f 2.53
.reloc 0x00050000 0x00000034 0x00000200 09af96ef4aee3574b706705789a68b1c 0.66

Leave a comment *

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.