usualsuspect · November 28, 2023 20:24 · Nov 28, 2023
diff --git a/config.txt b/config.txt
@@ -0,0 +1,64 @@
+BeaconType                       - Hybrid HTTP DNS
+Port                             - 1
+SleepTime                        - 3000
+MaxGetSize                       - 1048576
+Jitter                           - 20
+MaxDNS                           - 255
+PublicKey_MD5                    - 34aa5e72eba144f50c75d5ad3bb11d43
+C2Server                         - ns1.data.microsoftdata.site,/ga.js,ns2.data.microsoftdata.site,/visit.js,ns3.data.microsoftdata.site,/IE9CompatViewList.xml,ns4.data.microsoftdata.site,/dpixel
+UserAgent                        - Not Found
+HttpPostUri                      - Not Found
+Malleable_C2_Instructions        - Not Found
+HttpGet_Metadata                 - Not Found
+HttpPost_Metadata                - Not Found
+PipeName                         - Not Found
+DNS_Idle                         - 0.0.0.0
+DNS_Sleep                        - 0
+SSH_Host                         - Not Found
+SSH_Port                         - Not Found
+SSH_Username                     - Not Found
+SSH_Password_Plaintext           - Not Found
+SSH_Password_Pubkey              - Not Found
+SSH_Banner                       - 
+HttpGet_Verb                     - GET
+HttpPost_Verb                    - POST
+HttpPostChunk                    - 0
+Spawnto_x86                      - %windir%\syswow64\rundll32.exe
+Spawnto_x64                      - %windir%\sysnative\rundll32.exe
+CryptoScheme                     - 0
+Proxy_Config                     - Not Found
+Proxy_User                       - Not Found
+Proxy_Password                   - Not Found
+Proxy_Behavior                   - Use IE settings
+Watermark_Hash                   - BeudtKgqnlm0Ruvf+VYxuw==
+Watermark                        - 100000
+bStageCleanup                    - False
+bCFGCaution                      - False
+KillDate                         - 0
+bProcInject_StartRWX             - True
+bProcInject_UseRWX               - True
+bProcInject_MinAllocSize         - 0
+ProcInject_PrependAppend_x86     - Empty
+ProcInject_PrependAppend_x64     - Empty
+ProcInject_Execute               - CreateThread
+                                   SetThreadContext
+                                   CreateRemoteThread
+                                   RtlCreateUserThread
+ProcInject_AllocationMethod      - VirtualAllocEx
+bUsesCookies                     - True
+HostHeader                       - 
+headersToRemove                  - Not Found
+DNS_Beaconing                    - 
+DNS_get_TypeA                    - cdn.
+DNS_get_TypeAAAA                 - www6.
+DNS_get_TypeTXT                  - api.
+DNS_put_metadata                 - www.
+DNS_put_output                   - post.
+DNS_resolver                     - 
+DNS_strategy                     - round-robin
+DNS_strategy_rotate_seconds      - -1
+DNS_strategy_fail_x              - -1
+DNS_strategy_fail_seconds        - -1
+Retry_Max_Attempts               - 0
+Retry_Increase_Attempts          - 0
+Retry_Duration                   - 0