Trojan.CobaltStrike.RK

By CagedTech in Trojans

Threat Scorecard

Popularity Rank: 13,198
Threat Level: 80 % (High)
Infected Computers: 8
First Seen: April 17, 2026
Last Seen: June 9, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Trojan.CobaltStrike.RK
Signature status: Modified signature

Known Samples

File Size: 1.23 MB, 1233060 bytes
File Size: 1.25 MB, 1245048 bytes
File Size: 1.25 MB, 1252750 bytes
File Size: 1.22 MB, 1220508 bytes
File Size: 1.26 MB, 1257720 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File has TLS information
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name
  • Apex Distributed Solutions
  • Global Neutron Helix Capital
  • Global Open Aqua AG
  • International Silver Press
  • Theta-Sage Dynamics
File Description
  • Find Limiter Analytics Activate Product
  • Frank Shader Framework
  • Genius Setup Value Module
  • Management Transponder Established Sync Driver
  • Texture True Segmenter
File Version
  • 19.3.45.488
  • 16.4.69.964
  • 10.8.30.43
  • 9.2.10.39
  • 3.7.9.96
Internal Name
  • cable23
  • design_begin
  • gatecomp5
  • latency12
  • power_pion
Legal Copyright
  • (C) 2024 by Apex Distributed Solutions
  • 2021 Theta-Sage Dynamics. All Rights Reserved.
  • All Rights Reserved. Copyright 2026 Global Open Aqua AG
  • Copyright 2012, 2020 Global Neutron Helix Capital
  • International Silver Press, Copyright 2023
Original Filename
  • cable23
  • design_begin
  • gatecomp5
  • latency12
  • power_pion
Product Name
  • Enterprise Demodulator Cut Parser
  • Lean Innovative Pressure Finalizer
  • Quality Nimble Pipeline Splitter 42
  • Switch Futuristic Normal Secondary
  • Validation Established Partition
Product Version
  • 19.3.45.488
  • 10.8.30.43
  • 9.2.10.39
  • 5.6.1.58
  • 1.6.37.524

File Traits

  • big overlay
  • fptable
  • Installer Manifest
  • Installer Version
  • ntdll
  • x64

Block Information

Total Blocks: 896
Potentially Malicious Blocks: 34
Whitelisted Blocks: 841
Unknown Blocks: 21

Visual Map

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • CobaltStrike.RK

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtWriteFile
  • UNKNOWN
