Created
June 17, 2022 09:13
-
-
Save usualsuspect/6f98b32809b3ece0d61a749f30e90a3d to your computer and use it in GitHub Desktop.
Cobalt Strike config for beacon dropped by Matanbuchus
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BeaconType - HTTPS | |
| Port - 443 | |
| SleepTime - 53605 | |
| MaxGetSize - 1398447 | |
| Jitter - 63 | |
| MaxDNS - Not Found | |
| PublicKey_MD5 - d625126bd4d7cf421d2d001fc29c7ce2 | |
| C2Server - 190.123.44.220,/thaw.txt | |
| UserAgent - Mozilla/5.0 (Linux; Android 9; ONEPLUS A3003) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36 | |
| HttpPostUri - /shorten | |
| Malleable_C2_Instructions - Remove 339 bytes from the beginning | |
| Base64 decode | |
| XOR mask w/ random key | |
| HttpGet_Metadata - ConstHeaders | |
| Host: reykh.icu | |
| Connection: close | |
| Accept: text/css | |
| Metadata | |
| base64url | |
| base64 | |
| prepend "LXGUID=" | |
| header "Cookie" | |
| HttpPost_Metadata - ConstHeaders | |
| Host: reykh.icu | |
| Connection: close | |
| Accept-Encoding: compress | |
| Content-Type: text/plain | |
| SessionId | |
| base64 | |
| prepend "__session__id=" | |
| header "Cookie" | |
| Output | |
| netbiosu | |
| base64 | |
| PipeName - Not Found | |
| DNS_Idle - Not Found | |
| DNS_Sleep - Not Found | |
| SSH_Host - Not Found | |
| SSH_Port - Not Found | |
| SSH_Username - Not Found | |
| SSH_Password_Plaintext - Not Found | |
| SSH_Password_Pubkey - Not Found | |
| SSH_Banner - | |
| HttpGet_Verb - GET | |
| HttpPost_Verb - POST | |
| HttpPostChunk - 0 | |
| Spawnto_x86 - %windir%\syswow64\mstsc.exe | |
| Spawnto_x64 - %windir%\sysnative\mstsc.exe | |
| CryptoScheme - 0 | |
| Proxy_Config - Not Found | |
| Proxy_User - Not Found | |
| Proxy_Password - Not Found | |
| Proxy_Behavior - Use IE settings | |
| Watermark_Hash - Not Found | |
| Watermark - 426352781 | |
| bStageCleanup - True | |
| bCFGCaution - False | |
| KillDate - 0 | |
| bProcInject_StartRWX - False | |
| bProcInject_UseRWX - False | |
| bProcInject_MinAllocSize - 11234 | |
| ProcInject_PrependAppend_x86 - b'\x90\x90\x90\x90\x90\x90\x90' | |
| Empty | |
| ProcInject_PrependAppend_x64 - b'\x90\x90\x90\x90\x90\x90\x90' | |
| Empty | |
| ProcInject_Execute - CreateThread | |
| RtlCreateUserThread | |
| CreateRemoteThread | |
| ProcInject_AllocationMethod - VirtualAllocEx | |
| bUsesCookies - True | |
| HostHeader - | |
| headersToRemove - Not Found | |
| DNS_Beaconing - Not Found | |
| DNS_get_TypeA - Not Found | |
| DNS_get_TypeAAAA - Not Found | |
| DNS_get_TypeTXT - Not Found | |
| DNS_put_metadata - Not Found | |
| DNS_put_output - Not Found | |
| DNS_resolver - Not Found | |
| DNS_strategy - round-robin | |
| DNS_strategy_rotate_seconds - -1 | |
| DNS_strategy_fail_x - -1 | |
| DNS_strategy_fail_seconds - -1 | |
| Retry_Max_Attempts - Not Found | |
| Retry_Increase_Attempts - Not Found | |
| Retry_Duration - Not Found |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment