jroosen

Emotet CS Beacon Config E5 - 2021-12-07

Dec 7th, 2021
BeaconType - HTTPS
Port - 443
SleepTime - 5000
MaxGetSize - 1403644
Jitter - 10
MaxDNS - Not Found
PublicKey_MD5 - 526021dac6c1dbd02cb609cc592e766f
C2Server - lartmana.com,/jquery-3.3.1.min.js
UserAgent - Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
HttpPostUri - /jquery-3.3.2.min.js
Malleable_C2_Instructions - Remove 1522 bytes from the end
    Remove 84 bytes from the beginning
    Remove 3931 bytes from the beginning
    Base64 URL-safe decode
    XOR mask w/ random key
HttpGet_Metadata - ConstHeaders
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Referer: http://code.jquery.com/
        Accept-Encoding: gzip, deflate
    Metadata
        base64url
        prepend "__cfduid="
        header "Cookie"
HttpPost_Metadata - ConstHeaders
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
        Referer: http://code.jquery.com/
        Accept-Encoding: gzip, deflate
    SessionId
        mask
        base64url
        parameter "__cfduid"
    Output
        mask
        base64url
        print
PipeName - Not Found
DNS_Idle - Not Found
DNS_Sleep - Not Found
SSH_Host - Not Found
SSH_Port - Not Found
SSH_Username - Not Found
SSH_Password_Plaintext - Not Found
SSH_Password_Pubkey - Not Found
SSH_Banner -
HttpGet_Verb - GET
HttpPost_Verb - POST
HttpPostChunk - 0
Spawnto_x86 - %windir%\syswow64\dllhost.exe
Spawnto_x64 - %windir%\sysnative\dllhost.exe
CryptoScheme - 0
Proxy_Config - Not Found
Proxy_User - Not Found
Proxy_Password - Not Found
Proxy_Behavior - Use IE settings
Watermark - 0
bStageCleanup - True
bCFGCaution - False
KillDate - 0
bProcInject_StartRWX - False
bProcInject_UseRWX - False
bProcInject_MinAllocSize - 17500
ProcInject_PrependAppend_x86 - b'\x90\x90'
    Empty
ProcInject_PrependAppend_x64 - b'\x90\x90'
    Empty
ProcInject_Execute - ntdll:RtlUserThreadStart
    CreateThread
    NtQueueApcThread-s
    CreateRemoteThread
    RtlCreateUserThread
ProcInject_AllocationMethod - NtMapViewOfSection
bUsesCookies - True
HostHeader -
headersToRemove - Not Found
DNS_Beaconing - Not Found
DNS_get_TypeA - Not Found
DNS_get_TypeAAAA - Not Found
DNS_get_TypeTXT - Not Found
DNS_put_metadata - Not Found
DNS_put_output - Not Found
DNS_resolver - Not Found
DNS_strategy - round-robin
DNS_strategy_rotate_seconds - -1
DNS_strategy_fail_x - -1
DNS_strategy_fail_seconds - -1