Trojan:Win32/Cobaltstrike.RPY!MTB removal

Trojan:Win32/Cobaltstrike.RPY!MTB is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and clean your PC during the trial period.
6-day free trial available.

What Trojan:Win32/Cobaltstrike.RPY!MTB virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • Performs HTTP requests potentially not found in PCAP.
  • CAPE extracted potentially suspicious content
  • Authenticode signature is invalid
  • CAPE detected the CobaltStrikeBeacon malware family
  • Attempts to modify proxy settings
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Trojan:Win32/Cobaltstrike.RPY!MTB?

File Info:

name: 2D98675D720CE4365026.mlw
path: /opt/CAPEv2/storage/binaries/18e1e47ea0b7640b3655a74766ebed0a7ae0478f3de05a888f136bb3e469e093
crc32: CCB69A1E
md5: 2d98675d720ce43650261018f57ca5a6
sha1: bd1929c51fabaf07c2276f330ea78a6eb1dcfd3c
sha256: 18e1e47ea0b7640b3655a74766ebed0a7ae0478f3de05a888f136bb3e469e093
sha512: eb80ca8193e5415696d578362aa7742ca11ca10d71d9f0fa35b8dea7929c8bf4211fa7c5c0a211686a5ed11233daf43df8a452eaf87d6dbd0ad3e1a901043df4
ssdeep: 6144:IHMrcIpZp/bVMIAH0b2Jh03iUkyDnHO+xaRCaM3Da3:IsPpZp/6I527kxkyjaM3DS
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1F364BFF49BC008B1E45D113439B495BE7F3D5B32AF2165D0EA5825CBB4E26C3873A22E
sha3_384: 07930a6261ad1c350d6073266888b3496791aed7273221335489dbb8d1b1988cb1d618241b0a46eeaeb8ace3b1afcc10
ep_bytes: c7050831450001000000e9b1fcffff90
timestamp: 2023-07-28 06:28:58

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Windows Explorer
FileVersion: 10.0.19041.1266 (WinBuild.160101.0800)
InternalName: explorer
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: EXPLORER.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.19041.1266
Translation: 0x0409 0x04f2

Trojan:Win32/Cobaltstrike.RPY!MTB also known as:

Bkav: W32.AIDetectMalware
Lionic: Trojan.Win32.CobaltStrike.4!c
MicroWorld-eScan: Trojan.GenericKD.68447573
FireEye: Generic.mg.2d98675d720ce436
McAfee: Artemis!2D98675D720C
Cylance: unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 004f0f391 )
Alibaba: Trojan:Win32/Rozena.bc9ed436
K7GW: Trojan ( 004f0f391 )
Cyren: W32/ABRisk.VSFK-7129
Symantec: ML.Attribute.HighConfidence
Elastic: Windows.Trojan.CobaltStrike
ESET-NOD32: a variant of Win32/Rozena.SA
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Trojan.Win32.CobaltStrike.dcb
BitDefender: Trojan.GenericKD.68447573
Avast: Win32:MalwareX-gen [Trj]
Tencent: Malware.Win32.Gencirc.13eb6612
Emsisoft: Trojan.GenericKD.68447573 (B)
F-Secure: Trojan.TR/Rozena.tstsd
VIPRE: Trojan.GenericKD.68447573
TrendMicro: Backdoor.Win32.COBEACON.YXDG5Z
McAfee-GW-Edition: BehavesLike.Win32.Generic.fh
Trapmine: malicious.moderate.ml.score
Sophos: Mal/Generic-S
Ikarus: Trojan.Patched
GData: Trojan.GenericKD.68447573
Avira: TR/Rozena.tstsd
Antiy-AVL: Trojan/Win32.Rozena
Arcabit: Trojan.Generic.D4146D55
ZoneAlarm: Trojan.Win32.CobaltStrike.dcb
Microsoft: Trojan:Win32/Cobaltstrike.RPY!MTB
Google: Detected
VBA32: BScope.Trojan.Downloader
ALYac: Trojan.GenericKD.68447573
MAX: malware (ai score=84)
Malwarebytes: Malware.AI.2289290754
Panda: Trj/Chgt.AD
TrendMicro-HouseCall: Backdoor.Win32.COBEACON.YXDG5Z
Rising: Trojan.Rozena!8.6D (CLOUD)
MaxSecure: Trojan.Malware.215248386.susgen
Fortinet: W32/Rozena.SA!tr
BitDefenderTheta: Gen:NN.ZexaF.36348.uK0@a8SxmMni
AVG: Win32:MalwareX-gen [Trj]
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Trojan:Win32/Cobaltstrike.RPY!MTB?

Trojan:Win32/Cobaltstrike.RPY!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
