About “Win64/CobaltStrike.Beacon.L” infection

The Win64/CobaltStrike.Beacon.L is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win64/CobaltStrike.Beacon.L virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Dynamic (imported) function loading detected
Authenticode signature is invalid

How to determine Win64/CobaltStrike.Beacon.L?


File Info:
name: 66EA0D31636BC8939145.mlw
path: /opt/CAPEv2/storage/binaries/ae2f0e1c53c2c48a07783abdbac5a91b3d0a531f143995ed53b979c9e66e230b
crc32: 16C2CAB4
md5: 66ea0d31636bc8939145e78966ef471e
sha1: 3f442746c4549b3fde724e42f198f1e36b8141d7
sha256: ae2f0e1c53c2c48a07783abdbac5a91b3d0a531f143995ed53b979c9e66e230b
sha512: b3f1734221b93c6db665dca6381ade20e27e0ea5b4f71d7968f1fb36981ba236a2d8eb43d7deff4627b6f970acefa5cf0c9b3a2d2e37651234135f7a22b207e4
ssdeep: 24576:xHe+LSv/2RiNvPEoNgX4uD4ncBZf490+SXOiYQ6JLkiGFbWLyhErmnq85+Z5:xeMSx3lNgoX2+OALXabgyhfnb52
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T1927523195A8358F8C41DC13421E72B32BAF07C79546425AF5BC0F7E22E69D81CFABD26
sha3_384: c05bd4c9303464895f859982b1ab769fa754df561e76d3190da4ca4c495052d57562d4da59d7b4ac646a4fb07236833a
ep_bytes: 4883ec28488b05750e1800c700010000
timestamp: 2021-11-21 14:10:13

Version Info:
0: [No Data]

Win64/CobaltStrike.Beacon.L also known as:

Elastic	malicious (high confidence)
FireEye	Generic.mg.66ea0d31636bc893
K7AntiVirus	Trojan ( 005824111 )
K7GW	Trojan ( 005824111 )
CrowdStrike	win/malicious_confidence_60% (D)
Symantec	Trojan.Gen.MBT
ESET-NOD32	a variant of Win64/CobaltStrike.Beacon.L.gen
TrendMicro-HouseCall	TROJ_GEN.R002H0AKL21
Kaspersky	Trojan-Dropper.Win32.Dapato.qxhg
Avast	Win64:Trojan-gen
Sophos	Mal/Generic-S
McAfee-GW-Edition	Artemis!Trojan
Ikarus	Virus.Win32.Meterpreter
Avira	HEUR/AGEN.1144929
Microsoft	Trojan:Win32/Wacatac.B!ml
ViRobot	Trojan.Win32.Z.Sabsik.1587712
GData	Win64.Trojan.Agent.O7V6MF
Cynet	Malicious (score: 100)
McAfee	Artemis!66EA0D31636B
APEX	Malicious
Fortinet	W64/CobaltStrike_Beacon.L!tr
AVG	Win64:Trojan-gen

How to remove Win64/CobaltStrike.Beacon.L?

Win64/CobaltStrike.Beacon.L removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X