Hi,

There seems to be two issues with the way the PrependBytes functionality works within the aggressor script:

• The prependBytes call is happening before the modification of the MZ header. As a result, the first 4 bytes prepended will always be overwritten
• When calling prependBytes, it seems to be breaking something within the way BokuLoader works, which results to the original reflective loader being loaded. For this one, not entirely sure why it happens as the code running after it doesn't seem to affect it.

How to replicate the issue:

1. Edit BokuLoader.cna
2. Go to line 1032 and uncomment the call to prependBytes
3. Go to line 431 and add 4 characters at the start of the $Nops variable (e.g. "AAAAPS[X"). This is due to the fact that they will be overwritten by the magic_mz
4. Compile and load the Agressor Script on CS
5. Create a Payload with the prepended bytes
6. Check the binary created for the existence of the original reflective loader (simplest way is to run the YARA rule for the Windows_Trojan_Cobaltsrike indicator by Elastic:
   https://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_CobaltStrike.yar

Example output before and after uncommenting prepend:

Thank you for the descriptive issue post!
There was some issue with parsing the beacons for the obfuscation and I think that is what is breaking it. I haven’t had time to look into this.
Feel free to send a pull request to fix. Alternatively you can just build the beacon shell code and prepend the bytes on the command line