Skip to content

Instantly share code, notes, and snippets.

@usualsuspect
Created June 17, 2022 09:13
Show Gist options
  • Save usualsuspect/6f98b32809b3ece0d61a749f30e90a3d to your computer and use it in GitHub Desktop.
Save usualsuspect/6f98b32809b3ece0d61a749f30e90a3d to your computer and use it in GitHub Desktop.
Cobalt Strike config for beacon dropped by Matanbuchus
BeaconType - HTTPS
Port - 443
SleepTime - 53605
MaxGetSize - 1398447
Jitter - 63
MaxDNS - Not Found
PublicKey_MD5 - d625126bd4d7cf421d2d001fc29c7ce2
C2Server - 190.123.44.220,/thaw.txt
UserAgent - Mozilla/5.0 (Linux; Android 9; ONEPLUS A3003) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.74 Mobile Safari/537.36
HttpPostUri - /shorten
Malleable_C2_Instructions - Remove 339 bytes from the beginning
Base64 decode
XOR mask w/ random key
HttpGet_Metadata - ConstHeaders
Host: reykh.icu
Connection: close
Accept: text/css
Metadata
base64url
base64
prepend "LXGUID="
header "Cookie"
HttpPost_Metadata - ConstHeaders
Host: reykh.icu
Connection: close
Accept-Encoding: compress
Content-Type: text/plain
SessionId
base64
prepend "__session__id="
header "Cookie"
Output
netbiosu
base64
print
PipeName - Not Found
DNS_Idle - Not Found
DNS_Sleep - Not Found
SSH_Host - Not Found
SSH_Port - Not Found
SSH_Username - Not Found
SSH_Password_Plaintext - Not Found
SSH_Password_Pubkey - Not Found
SSH_Banner -
HttpGet_Verb - GET
HttpPost_Verb - POST
HttpPostChunk - 0
Spawnto_x86 - %windir%\syswow64\mstsc.exe
Spawnto_x64 - %windir%\sysnative\mstsc.exe
CryptoScheme - 0
Proxy_Config - Not Found
Proxy_User - Not Found
Proxy_Password - Not Found
Proxy_Behavior - Use IE settings
Watermark_Hash - Not Found
Watermark - 426352781
bStageCleanup - True
bCFGCaution - False
KillDate - 0
bProcInject_StartRWX - False
bProcInject_UseRWX - False
bProcInject_MinAllocSize - 11234
ProcInject_PrependAppend_x86 - b'\x90\x90\x90\x90\x90\x90\x90'
Empty
ProcInject_PrependAppend_x64 - b'\x90\x90\x90\x90\x90\x90\x90'
Empty
ProcInject_Execute - CreateThread
RtlCreateUserThread
CreateRemoteThread
ProcInject_AllocationMethod - VirtualAllocEx
bUsesCookies - True
HostHeader -
headersToRemove - Not Found
DNS_Beaconing - Not Found
DNS_get_TypeA - Not Found
DNS_get_TypeAAAA - Not Found
DNS_get_TypeTXT - Not Found
DNS_put_metadata - Not Found
DNS_put_output - Not Found
DNS_resolver - Not Found
DNS_strategy - round-robin
DNS_strategy_rotate_seconds - -1
DNS_strategy_fail_x - -1
DNS_strategy_fail_seconds - -1
Retry_Max_Attempts - Not Found
Retry_Increase_Attempts - Not Found
Retry_Duration - Not Found
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment