usualsuspect · October 1, 2024 12:28
diff --git a/config.txt b/config.txt
 BeaconType                       - Hybrid HTTP DNS
 Port                             - 1
 SleepTime                        - 258000
 MaxGetSize                       - 1527201
 Jitter                           - 70
 MaxDNS                           - 255
 PublicKey_MD5                    - 111d7dcba67aa777ffbee816c78745e7
 C2Server                         - ns.nacta.in,/watch/4827893
 UserAgent                        - Not Found
 HttpPostUri                      - Not Found
 Malleable_C2_Instructions        - Not Found
 HttpGet_Metadata                 - Not Found
 HttpPost_Metadata                - Not Found
 PipeName                         - Not Found
 DNS_Idle                         - 208.67.222.222
 DNS_Sleep                        - 1130
 SSH_Host                         - Not Found
 SSH_Port                         - Not Found
 SSH_Username                     - Not Found
 SSH_Password_Plaintext           - Not Found
 SSH_Password_Pubkey              - Not Found
 SSH_Banner                       - 
 HttpGet_Verb                     - GET
 HttpPost_Verb                    - POST
 HttpPostChunk                    - 96
 Spawnto_x86                      - %windir%\syswow64\svchost.exe
 Spawnto_x64                      - %windir%\sysnative\svchost.exe
 CryptoScheme                     - 0
 Proxy_Config                     - Not Found
 Proxy_User                       - Not Found
 Proxy_Password                   - Not Found
 Proxy_Behavior                   - Use IE settings
 Watermark_Hash                   - Vbi/d5GsmtZldELooLqdHw==
 Watermark                        - 666666666
 bStageCleanup                    - True
 bCFGCaution                      - True
 KillDate                         - 0
 bProcInject_StartRWX             - True
 bProcInject_UseRWX               - True
 bProcInject_MinAllocSize         - 12000
 ProcInject_PrependAppend_x86     - b'\x90\x90\x90\x90\x90\x90'
                                   Empty
 ProcInject_PrependAppend_x64     - b'\x90\x90\x90\x90\x90\x90\x90\x90\x90'
                                   Empty
 ProcInject_Execute               - ntdll.dll:RtlUserThreadStart
                                   SetThreadContext
                                   NtQueueApcThread-s
                                   kernel32.dll:LoadLibraryA
                                   CreateRemoteThread
                                   RtlCreateUserThread
 ProcInject_AllocationMethod      - NtMapViewOfSection
 bUsesCookies                     - False
 HostHeader                       - 
 headersToRemove                  - Not Found
 DNS_Beaconing                    - pk.
 DNS_get_TypeA                    - cert.
 DNS_get_TypeAAAA                 - pkm.
 DNS_get_TypeTXT                  - mx.
 DNS_put_metadata                 - ad.
 DNS_put_output                   - prm.
 DNS_resolver                     - 
 DNS_strategy                     - round-robin
 DNS_strategy_rotate_seconds      - -1
 DNS_strategy_fail_x              - -1
 DNS_strategy_fail_seconds        - -1
 Retry_Max_Attempts               - 0
 Retry_Increase_Attempts          - 0
 Retry_Duration                   - 0
	BeaconType - Hybrid HTTP DNS
	Port - 1
	SleepTime - 258000
	MaxGetSize - 1527201
	Jitter - 70
	MaxDNS - 255
	PublicKey_MD5 - 111d7dcba67aa777ffbee816c78745e7
	C2Server - ns.nacta.in,/watch/4827893
	UserAgent - Not Found
	HttpPostUri - Not Found
	Malleable_C2_Instructions - Not Found
	HttpGet_Metadata - Not Found
	HttpPost_Metadata - Not Found
	PipeName - Not Found
	DNS_Idle - 208.67.222.222
	DNS_Sleep - 1130
	SSH_Host - Not Found
	SSH_Port - Not Found
	SSH_Username - Not Found
	SSH_Password_Plaintext - Not Found
	SSH_Password_Pubkey - Not Found
	SSH_Banner -
	HttpGet_Verb - GET
	HttpPost_Verb - POST
	HttpPostChunk - 96
	Spawnto_x86 - %windir%\syswow64\svchost.exe
	Spawnto_x64 - %windir%\sysnative\svchost.exe
	CryptoScheme - 0
	Proxy_Config - Not Found
	Proxy_User - Not Found
	Proxy_Password - Not Found
	Proxy_Behavior - Use IE settings
	Watermark_Hash - Vbi/d5GsmtZldELooLqdHw==
	Watermark - 666666666
	bStageCleanup - True
	bCFGCaution - True
	KillDate - 0
	bProcInject_StartRWX - True
	bProcInject_UseRWX - True
	bProcInject_MinAllocSize - 12000
	ProcInject_PrependAppend_x86 - b'\x90\x90\x90\x90\x90\x90'
	Empty
	ProcInject_PrependAppend_x64 - b'\x90\x90\x90\x90\x90\x90\x90\x90\x90'
	Empty
	ProcInject_Execute - ntdll.dll:RtlUserThreadStart
	SetThreadContext
	NtQueueApcThread-s
	kernel32.dll:LoadLibraryA
	CreateRemoteThread
	RtlCreateUserThread
	ProcInject_AllocationMethod - NtMapViewOfSection
	bUsesCookies - False
	HostHeader -
	headersToRemove - Not Found
	DNS_Beaconing - pk.
	DNS_get_TypeA - cert.
	DNS_get_TypeAAAA - pkm.
	DNS_get_TypeTXT - mx.
	DNS_put_metadata - ad.
	DNS_put_output - prm.
	DNS_resolver -
	DNS_strategy - round-robin
	DNS_strategy_rotate_seconds - -1
	DNS_strategy_fail_x - -1
	DNS_strategy_fail_seconds - -1
	Retry_Max_Attempts - 0
	Retry_Increase_Attempts - 0
	Retry_Duration - 0