remcos | 28027242d50c7ac56bf9c3d03be17b9f93e857b171b65222c20d679048c42793 | Triage

Submit
Reports

Overview

overview

Static

static

3

28027242d5...93.exe

windows7-x64

28027242d5...93.exe

windows10-2004-x64

Sharing

General

Target

28027242d50c7ac56bf9c3d03be17b9f93e857b171b65222c20d679048c42793.exe
Size

856KB
Sample

240605-bl7klahf9v
MD5

e24419df6c7ac3cbfd80f7a8268ab759
SHA1

0b40e02c810f89cd4f14b29261eb4a720b15e69b
SHA256

28027242d50c7ac56bf9c3d03be17b9f93e857b171b65222c20d679048c42793
SHA512

9b1c2a40a3e92ed34b1866df59f37561e81df5573ea2f3aec1b79c6b78d919aedf11c6a9295f72d2619a07763590180660e147b1c6754996a718684efeef60f9
SSDEEP

24576:0XYHRTim+Nq125N+Zr+7SLptrw6A+7ooNbVOqQ98y5/:7pim+8k5DSLbrwsxU98y5/

Score

10^/10

remcos pupip rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

28027242d50c7ac56bf9c3d03be17b9f93e857b171b65222c20d679048c42793.exe

Resource

win7-20240508-en

remcos pupip rat

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

28027242d50c7ac56bf9c3d03be17b9f93e857b171b65222c20d679048c42793.exe

Resource

win10v2004-20240508-en

remcos pupip rat

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

remcos

Botnet

PUPIP

C2

zakriexports.com:1988

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
PUBIP-97ETXB
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  28027242d50c7ac56bf9c3d03be17b9f93e857b171b65222c20d679048c42793.exe
- Size
  
  856KB
- MD5
  
  e24419df6c7ac3cbfd80f7a8268ab759
- SHA1
  
  0b40e02c810f89cd4f14b29261eb4a720b15e69b
- SHA256
  
  28027242d50c7ac56bf9c3d03be17b9f93e857b171b65222c20d679048c42793
- SHA512
  
  9b1c2a40a3e92ed34b1866df59f37561e81df5573ea2f3aec1b79c6b78d919aedf11c6a9295f72d2619a07763590180660e147b1c6754996a718684efeef60f9
- SSDEEP
  
  24576:0XYHRTim+Nq125N+Zr+7SLptrw6A+7ooNbVOqQ98y5/:7pim+8k5DSLbrwsxU98y5/
Score

10^/10

remcos pupip rat
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
- Detects executables packed with or use KoiVM
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy