General

  • Target

    AMON-Eye.zip

  • Size

    70.9MB

  • MD5

    59f1014abbf5670b66986a3088dd6a8c

  • SHA1

    c0df4ddf5485485b284bff4993c85fd8413f8aca

  • SHA256

    8c2a7ddd3df7bf22b0e8d38ad9497b6e2d2eacf820316f5185663bdc73106b8e

  • SHA512

    8458bc5b8b061e16c3f03a07bb00f60f7f46c9646d765403b484eb0ac4f412ea75cea2c36e5714f2b8cef7ae70a751fd13c86ab3f43a1b080f7ee80535584c72

  • SSDEEP

    1572864:whKsDyW9sN7TRQtYxbKfy75edt+Ky2YG+xOq5FQBfev40K2tmr:wBDfsxTRQC375edt+Ky26xcWQ0rtc

Malware Config

Extracted

Family

cobaltstrike

C2

http://:4444YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
Attributes
  • user_agent

    h

Extracted

Family

metasploit

Version

windows/shell_reverse_tcp

C2

127.0.0.1:4444

Extracted

Family

metasploit

Version

metasploit_stager

C2

127.0.0.1:4444

Signatures

  • Cobalt Strike reflective loader 1 IoCs

    Detects the reflective loader used by Cobalt Strike.

  • Cobaltstrike family
  • Metasploit family

Files

  • AMON-Eye.zip
    .zip
  • AMON-Eye/.off.c
    .ps1
  • AMON-Eye/BOF's/Active-Directory/GetDomainInfo.c
  • AMON-Eye/BOF's/Active-Directory/Makefile
  • AMON-Eye/BOF's/Active-Directory/beacon.h
  • AMON-Eye/BOF's/Amsi/README.txt
  • AMON-Eye/BOF's/Amsi/amsi-inject.c
  • AMON-Eye/BOF's/Amsi/beacon.h
  • AMON-Eye/BOF's/Curl-TLS/Makefile
  • AMON-Eye/BOF's/Curl-TLS/README.txt
  • AMON-Eye/BOF's/Curl-TLS/beacon.h
  • AMON-Eye/BOF's/Curl-TLS/curl.x64.o
  • AMON-Eye/BOF's/Curl-TLS/curl.x86.o
  • AMON-Eye/BOF's/Curl-TLS/entry.c
  • AMON-Eye/BOF's/ETW/README.txt
  • AMON-Eye/BOF's/ETW/beacon.h
  • AMON-Eye/BOF's/ETW/etw.c
  • AMON-Eye/BOF's/ETW/etw.x64.o
  • AMON-Eye/BOF's/ETW/etw.x86.o
  • AMON-Eye/BOF's/FindObjects-BOF/FindModule.c
  • AMON-Eye/BOF's/FindObjects-BOF/FindProcHandle.c
  • AMON-Eye/BOF's/FindObjects-BOF/Makefile
  • AMON-Eye/BOF's/FindObjects-BOF/NativeAPI.h
  • AMON-Eye/BOF's/FindObjects-BOF/README.txt
  • AMON-Eye/BOF's/FindObjects-BOF/Syscalls.h
  • AMON-Eye/BOF's/FindObjects-BOF/beacon.h
  • AMON-Eye/BOF's/Hijack/Makefile.msvc
  • AMON-Eye/BOF's/Hijack/README.txt
  • AMON-Eye/BOF's/Hijack/beacon.h
  • AMON-Eye/BOF's/Hijack/cThreadHijack.c
  • AMON-Eye/BOF's/Hijack/cThreadHijack.o
  • AMON-Eye/BOF's/Hijack/cThreadHijack.sln
  • AMON-Eye/BOF's/Hijack/cThreadHijack.vcxproj
    .xml
  • AMON-Eye/BOF's/Hijack/cThreadHijack.vcxproj.filters
  • AMON-Eye/BOF's/Hijack/cThreadHijack.vcxproj.user
  • AMON-Eye/BOF's/Hijack/libc.h
  • AMON-Eye/BOF's/Persistence/Makefile
  • AMON-Eye/BOF's/Persistence/RegistryPersistence.c
  • AMON-Eye/BOF's/Persistence/beacon.h
  • AMON-Eye/BOF's/StaticSyscallsAPCSpawn/Makefile
  • AMON-Eye/BOF's/StaticSyscallsAPCSpawn/README.txt
  • AMON-Eye/BOF's/StaticSyscallsAPCSpawn/Syscalls.h
  • AMON-Eye/BOF's/StaticSyscallsAPCSpawn/beacon.h
  • AMON-Eye/BOF's/StaticSyscallsAPCSpawn/entry.c
  • AMON-Eye/BOF's/StaticSyscallsAPCSpawn/syscallsapcspawn.x64.o
  • AMON-Eye/BOF's/StaticSyscallsDump/Makefile
  • AMON-Eye/BOF's/StaticSyscallsDump/README.txt
  • AMON-Eye/BOF's/StaticSyscallsDump/Syscalls.h
  • AMON-Eye/BOF's/StaticSyscallsDump/SyscallsDump.h
  • AMON-Eye/BOF's/StaticSyscallsDump/beacon.h
  • AMON-Eye/BOF's/StaticSyscallsDump/entry.c
  • AMON-Eye/BOF's/StaticSyscallsDump/syscallsdump.x64.o
  • AMON-Eye/BOF's/StaticSyscallsInject/Makefile
  • AMON-Eye/BOF's/StaticSyscallsInject/README.txt
  • AMON-Eye/BOF's/StaticSyscallsInject/Syscalls.h
  • AMON-Eye/BOF's/StaticSyscallsInject/beacon.h
  • AMON-Eye/BOF's/StaticSyscallsInject/entry.c
  • AMON-Eye/BOF's/StaticSyscallsInject/syscallsapcspawn.x64.o
  • AMON-Eye/BOF's/StaticSyscallsInject/syscallsinject.x64.o
  • AMON-Eye/BOF's/SyscallsInject/Makefile
  • AMON-Eye/BOF's/SyscallsInject/README.txt
  • AMON-Eye/BOF's/SyscallsInject/Syscalls.h
  • AMON-Eye/BOF's/SyscallsInject/beacon.h
  • AMON-Eye/BOF's/SyscallsInject/entry.c
  • AMON-Eye/BOF's/SyscallsInject/syscallsinject.x64.o
  • AMON-Eye/BOF's/Un-Hook/README.txt
  • AMON-Eye/BOF's/Un-Hook/make.bat
  • AMON-Eye/BOF's/Un-Hook/src/ReflectiveDLLInjection.h
  • AMON-Eye/BOF's/Un-Hook/src/ReflectiveLoader.h
  • AMON-Eye/BOF's/Un-Hook/src/apisetmap.c
  • AMON-Eye/BOF's/Un-Hook/src/apisetmap.h
  • AMON-Eye/BOF's/Un-Hook/src/beacon.h
  • AMON-Eye/BOF's/Un-Hook/src/refresh.c
  • AMON-Eye/BOF's/Un-Hook/src/refresh.h
  • AMON-Eye/BOF's/Un-Hook/src/unhook.c
  • AMON-Eye/BOF's/Un-Hook/src/unhook.h
  • AMON-Eye/BOF's/Un-Hook/unhook.x64.o
  • AMON-Eye/BOF's/Un-Hook/unhook.x86.o
  • AMON-Eye/BOF's/ZeroLogon/dist/zerologon.x64.o
  • AMON-Eye/BOF's/ZeroLogon/dist/zerologon.x86.o
  • AMON-Eye/BOF's/ZeroLogon/make.bat
  • AMON-Eye/BOF's/ZeroLogon/src/beacon.h
  • AMON-Eye/BOF's/ZeroLogon/src/zerologon.c
  • AMON-Eye/BOF's/process hollowing/README.txt
  • AMON-Eye/BOF's/process hollowing/beacon.h
  • AMON-Eye/BOF's/process hollowing/popCalc.bin
  • AMON-Eye/BOF's/process hollowing/process-hollowing.x64.c
  • AMON-Eye/BOF's/process hollowing/process-hollowing.x64.o
  • AMON-Eye/BOF's/secinject/README.txt
  • AMON-Eye/BOF's/secinject/dist/secinject.x64.o
  • AMON-Eye/BOF's/secinject/src/Makefile
  • AMON-Eye/BOF's/secinject/src/beacon.h
  • AMON-Eye/BOF's/secinject/src/libc.h
  • AMON-Eye/BOF's/secinject/src/secinject.c
  • AMON-Eye/BOF's/template/beacon.h
  • AMON-Eye/BOF's/template/examples/demo/build.bat
  • AMON-Eye/BOF's/template/examples/demo/build.sh
    .sh linux
  • AMON-Eye/BOF's/template/examples/demo/demo.c
  • AMON-Eye/BOF's/template/examples/hello/build.bat
  • AMON-Eye/BOF's/template/examples/hello/build.sh
    .sh linux
  • AMON-Eye/BOF's/template/examples/hello/hello.c
  • AMON-Eye/BOF's/template/examples/helloWorld/build.bat
  • AMON-Eye/BOF's/template/examples/helloWorld/build.sh
    .sh linux
  • AMON-Eye/BOF's/template/examples/helloWorld/hello.c
  • AMON-Eye/BOF's/template/readme.txt
  • AMON-Eye/BOF's/template/tests/build.sh
    .sh linux
  • AMON-Eye/BOF's/template/tests/src/.logs.c
    .jar
  • AMON-Eye/BOF's/template/tests/src/testBeaconDataIntegers.c
  • AMON-Eye/BOF's/template/tests/src/testBeaconDataLongLong.c
  • AMON-Eye/BOF's/template/tests/src/testBeaconDataMixDataTypes.c
  • AMON-Eye/BOF's/template/tests/src/testBeaconDataShorts.c
  • AMON-Eye/BOF's/template/tests/src/testBeaconDataStrings.c
  • AMON-Eye/BOF's/template/tests/src/testBeaconErrorD.c
  • AMON-Eye/BOF's/template/tests/src/testBeaconErrorDD.c
  • AMON-Eye/BOF's/template/tests/src/testBeaconErrorNA.c
  • AMON-Eye/BOF's/template/tests/src/testBeaconFormat.c
  • AMON-Eye/BOF's/template/tests/src/testBeaconOutput.c
  • AMON-Eye/BOF's/template/tests/src/testBeaconPrintf.c
  • AMON-Eye/C2-Profiles/APT/apt1_virtuallythere.profile
  • AMON-Eye/C2-Profiles/APT/comfoo.profile
  • AMON-Eye/C2-Profiles/APT/etumbot.profile
  • AMON-Eye/C2-Profiles/APT/havex.profile
  • AMON-Eye/C2-Profiles/APT/meterpreter.profile
  • AMON-Eye/C2-Profiles/APT/pitty_tiger.profile
  • AMON-Eye/C2-Profiles/APT/putter.profile
  • AMON-Eye/C2-Profiles/APT/string_of_paerls.profile
  • AMON-Eye/C2-Profiles/APT/taidoor.profile
  • AMON-Eye/C2-Profiles/concealer/C2concealer/__init__.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/__main__.py
    .py .sh linux
  • AMON-Eye/C2-Profiles/concealer/C2concealer/components/__init__.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/components/dnsoptions.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/components/getclient.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/components/getserver.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/components/globaloptions.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/components/httpconfig.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/components/postclient.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/components/postex.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/components/postserver.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/components/processinject.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/components/smboptions.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/components/ssloptions.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/components/stageblock.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/components/stagerclient.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/components/stagerserver.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/data/dns.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/data/file_type_prepend.py
    .py .js
  • AMON-Eye/C2-Profiles/concealer/C2concealer/data/params.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/data/post_ex.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/data/reg_headers.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/data/smb.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/data/stage.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/data/transform.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/data/urls.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/generate-cert.sh
    .sh linux
  • AMON-Eye/C2-Profiles/concealer/C2concealer/helpers.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/profile.py
  • AMON-Eye/C2-Profiles/concealer/C2concealer/tests/sanity_tests.py
  • AMON-Eye/C2-Profiles/concealer/Dockerfile
  • AMON-Eye/C2-Profiles/concealer/README.txt
  • AMON-Eye/C2-Profiles/concealer/install.sh
  • AMON-Eye/C2-Profiles/concealer/setup.py
  • AMON-Eye/C2-Profiles/crimeware/asprox.profile
  • AMON-Eye/C2-Profiles/crimeware/backoff.profile
  • AMON-Eye/C2-Profiles/crimeware/fiesta.profile
  • AMON-Eye/C2-Profiles/crimeware/fiesta2.profile
  • AMON-Eye/C2-Profiles/crimeware/magnitude.profile
  • AMON-Eye/C2-Profiles/crimeware/zeus.profile
  • AMON-Eye/C2-Profiles/demo/c2profile.c
  • AMON-Eye/C2-Profiles/demo/https.profile
  • AMON-Eye/C2-Profiles/demo/proxy_tcp.py
  • AMON-Eye/C2-Profiles/demo/proxy_udp.py
  • AMON-Eye/C2-Profiles/demo/rebind_tcp.c
  • AMON-Eye/C2-Profiles/demo/rebind_udp.c
  • AMON-Eye/C2-Profiles/normal/amazon.profile
  • AMON-Eye/C2-Profiles/normal/bingsearch_getonly.profile
  • AMON-Eye/C2-Profiles/normal/cnnvideo_getonly.profile
  • AMON-Eye/C2-Profiles/normal/gmail.profile
    .js
  • AMON-Eye/C2-Profiles/normal/googledrive_getonly.profile
  • AMON-Eye/C2-Profiles/normal/microsoftupdate_getonly.profile
  • AMON-Eye/C2-Profiles/normal/msnbcvideo_getonly.profile
  • AMON-Eye/C2-Profiles/normal/ocsp.profile
  • AMON-Eye/C2-Profiles/normal/onedrive_getonly.profile
  • AMON-Eye/C2-Profiles/normal/pandora.profile
  • AMON-Eye/C2-Profiles/normal/randomized.profile
  • AMON-Eye/C2-Profiles/normal/reference.profile
  • AMON-Eye/C2-Profiles/normal/rtmp.profile
  • AMON-Eye/C2-Profiles/normal/safebrowsing.profile
  • AMON-Eye/C2-Profiles/normal/webbug.profile
  • AMON-Eye/C2-Profiles/normal/webbug_getonly.profile
  • AMON-Eye/C2-Profiles/normal/wikipedia_getonly.profile
    .js
  • AMON-Eye/C2-Profiles/random/Pipfile
  • AMON-Eye/C2-Profiles/random/Pipfile.lock
  • AMON-Eye/C2-Profiles/random/core/action-wordlist.txt
    .vbs
  • AMON-Eye/C2-Profiles/random/core/functions.py
  • AMON-Eye/C2-Profiles/random/core/html_content.py
    .py .js
  • AMON-Eye/C2-Profiles/random/core/object-wordlist.txt
    .vbs
  • AMON-Eye/C2-Profiles/random/core/variables.py
  • AMON-Eye/C2-Profiles/random/random_c2profile.py
  • AMON-Eye/C2-Profiles/random/readme.txt
  • AMON-Eye/C2-Profiles/random/requirements.txt
  • AMON-Eye/C2-Profiles/random/templates/default_c2profile_template.jinja
  • AMON-Eye/JicopH00k.c
  • AMON-Eye/README.md
  • AMON-Eye/TeamServerImage
    .elf linux x64
  • AMON-Eye/cobaltstrike.auth
  • AMON-Eye/install.sh
    .sh linux
  • AMON-Eye/st.AppImage
  • AMON-Eye/start.sh
  • AMON-Eye/stor.c
  • AMON-Eye/teamserver.AppImage
    .sh linux