AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks

Executive Summary

In early May 2025, Unit 42 researchers observed that AdaptixC2 was used to infect several systems.

AdaptixC2 is a recently identified, open-source post-exploitation and adversarial emulation framework made for penetration testers that threat actors are using in campaigns. Unlike many well-known C2 frameworks, AdaptixC2 has remained largely under the radar. There is limited public documentation available demonstrating its use in real-world attacks. Our research looks at what AdaptixC2 can do, helping security teams to defend against it.

AdaptixC2 is a versatile post-exploitation framework. Threat actors use it to execute commands, transfer files and perform data exfiltration on compromised systems. Because it’s open-source, threat actors can easily customize and adapt it for their specific objectives. This makes it a highly flexible and dangerous tool.

The emergence of AdaptixC2 as a tool used in the wild by threat actors highlights a growing trend of attackers using customizable frameworks to evade detection.

Palo Alto Networks customers are better protected from the threats described in this article through the following products:

• Advanced DNS Security
• Advanced Threat Prevention
• Advanced URL Filtering
• Advanced WildFire
• Cortex XDR and XSIAM

If you think you might have been compromised or have an urgent matter, contact the Unit 42 Incident Response team.

Technical Analysis of the AdaptixC2 Adversarial Framework

AdaptixC2 is an open-source C2 framework that we recently saw being used in several real-world attacks.

We identified two AdaptixC2 infections. One case leveraged social engineering techniques. We assess with high confidence that the other used AI-based code generation tools.

AdaptixC2 Functionality

AdaptixC2 is a red teaming tool that can be used to perform adversarial actions, which can be expanded for customization. If this were used by a threat actor, they could comprehensively control impacted machines, to execute a wide range of actions. These include:

• Manipulating the file system
• Listing directories
• Creating, modifying and deleting files and folders
• Enumerating running processes
• Terminating specific applications
• Initiating new program executions

Threat actors use these capabilities to establish and maintain a foothold in an environment, further explore the compromised system and move laterally within the network.

To facilitate covert communication and bypass network restrictions, the framework supports sophisticated tunneling capabilities, including SOCKS4/5 proxy functionality and port forwarding. This enables attackers to maintain communication channels even if the network is heavily protected.

AdaptixC2 is designed to be modular, using “extenders” that act like plugins for both listeners and agents. This lets hackers create custom payloads and ways to avoid detection that are specific to the system they're attacking. AdaptixC2 also supports Beacon Object Files (BOFs), which let attackers run small, custom programs written in C directly within the agent's process to evade detection.

AdaptixC2’s beacon agents are equipped with dedicated commands for transferring data quickly and secretly. These agents support both x86 and x64 architectures, and can be generated in various formats, including:

• Standalone executables (EXEs)
• Dynamic-link libraries (DLLs)
• Service executables
• Raw shellcode

Attackers can use the AdaptixC2 framework to steal data from the compromised network. This data exfiltration functionality allows configurable chunk sizes for file downloads and uploads, as network-based detection is likely to see smaller segments as less suspicious.

The AdaptixC2 interface shows linked agents and sessions in a graphical view. Figure 1 shows an attacker’s view of how multi-stage attacks are progressing and what paths are available for moving around a targeted network.

AdaptixC2 also has features to help the attacker maintain operational security (OpSec). These include parameters that help them blend in with normal network traffic:

• KillDate – This sets a date to make the beacon stop working
• WorkingTime – This sets the beacon to only be active during certain hours

Additionally, threat actors can modify and enhance the agent using custom obfuscation, anti-analysis and evasion techniques, making it a continuously evolving threat.

Configuration

​​AdaptixC2’s configuration is encrypted, and supports three primary beacon types through specialized profile structures:

• BEACON_HTTP for web-based communication
• BEACON_SMB for named pipe communication
• BEACON_TCP for direct TCP connections

The HTTP profile is the most common beacon variant and contains typical web communication parameters such as:

• Servers
• Ports
• SSL settings
• HTTP methods
• URIs
• Headers
• User-agent strings

The SMB profile uses Windows named pipes when HTTP might be blocked or monitored. The TCP profile is used to create direct socket connections with the option to prepend data for basic protocol obfuscation.

AdaptixC2 includes a built-in default configuration that demonstrates typical deployment parameters. The default HTTP profile targets 172.16.196.1:4443 using HTTPS communication, with a POST method to the /uri.php endpoint and the X-Beacon-Id parameter for beacon identification.

Figure 2 shows how to configure the beacon.

After clicking “Create,” the beacon builder encrypts the configuration with RC4 and then embeds it in the compiled beacon. The encrypted configuration is stored as follows:

• 4 bytes: Configuration size (32-bit integer)
• N bytes: RC4-encrypted configuration data
• 16 bytes: RC4 encryption key

The following code is the key extraction logic, taken from AgentConfig.cpp:

Extracting Configuration From Malicious Samples

Because the encryption is simple and predictable, defenders can develop an extractor that will extract configurations from samples automatically. This extraction tool should work in the same way that the beacon loads its own configurations.

The extractor locates the configuration in the PE file’s .rdata section. It then extracts the size (first four bytes), encrypted data block and RC4 key (last 16 bytes). After using the embedded RC4 key to decrypt the data, it parses the plaintext configuration by unpacking the following fields:

• Agent type
• SSL flag
• Server count
• Servers/ports
• HTTP parameters
• Timing settings

Using this method, we created a tool that can process AdaptixC2 samples and get their embedded configurations. The complete extractor code supports the BEACON_HTTP variant. This tool is provided in the Configuration Extractor Example section. Researchers can use this extractor to analyze AdaptixC2 samples or adapt the code for other variants.

Following is the built-in default configuration of the beacon.

AdaptixC2 Scenarios

Scenario 1: Fake HelpDesk Support Leads to AdaptixC2 Infection

In May 2025, we investigated multiple incidents where threat actors installed AdaptixC2 beacons. In some cases, we observed threat actors using the same attack vector, shown in Figure 3.

Initial Compromise

The threat actors leveraged trust in Microsoft Teams to trick people into giving them access to company systems. In one case, attackers used phishing attacks to impersonate IT support personnel (using subject lines like “Help Desk (External) | Microsoft Teams”). This convinced employees to initiate legitimate remote assistance sessions using tools like the Quick Assist Remote Monitoring and Management (RMM) tool.

Threat actors often misuse legitimate products for malicious purposes. This does not necessarily imply a flaw or malicious quality to the legitimate product being misused.

The 2025 Unit 42 Global Incident Response Report: Social Engineering Edition noted that social engineering techniques like this are the most prevalent initial access vector for compromises we observe. This initial access provides the attackers with a foothold within the targeted system, without having to bypass perimeter defenses such as firewalls and intrusion detection systems.

AdaptixC2 Deployment and Persistence via Shellcode Execution

The attackers deployed the AdaptixC2 beacon using a multi-stage PowerShell loader that downloads an encoded and encrypted payload from a link to a legitimate service,

Once downloaded, the PowerShell script decrypts the payload using a simple XOR key. Instead of writing the decrypted payload to disk, which would make it easier to detect, the script leverages .NET capabilities to allocate memory within the PowerShell process itself. The script then copies the decrypted payload, which is actually shellcode, into this allocated memory region. This fileless approach significantly reduces the attacker’s footprint on the system.

The script uses a technique called “dynamic invocation” to execute the shellcode directly from memory. It does this using the GetDelegateForFunctionPointer method, which dynamically creates a delegate (a type-safe function pointer) that points to the beginning of the shellcode in memory. The script then calls this delegate as if it were a normal function, effectively executing the shellcode without writing an executable file to disk. To guarantee the malicious process automatically starts after reboot, the script creates a shortcut in the startup folder. Figure 4 shows the PowerShell script.

The beacon variant loaded in this attack had the following configuration:

Post-Exploitation Activity and Containment

Following the successful deployment of AdaptixC2, the attackers initiated reconnaissance activities, using command-line tools to gather information about the compromised systems and network. This included discovery commands such as nltest.exe, whoami.exe and ipconfig.exe.

The beacon then established communication with a remote server, enabling the threat actors to obtain C2 on the infected machine.

Scenario 2: Infection Involving AI-Generated Script

In another case, threat actors deployed a PowerShell script that was designed to deploy AdaptixC2 beacons. We assess with high confidence that this script was AI-generated. This deployment was done both through in-memory shellcode injection and using a file-based DLL hijacking persistence mechanism. The script, shown in Figure 5, focuses on staying hidden on the impacted system to give the hackers a strong foothold.

Detailed Analysis of the AI-Generated PowerShell

• Downloading and decoding shellcode: The script downloads a Base64-encoded shellcode payload from a remote server using Invoke-RestMethod. The downloaded content is then decoded.
• Allocating memory, copying shellcode and changing memory protection: The script allocates a block of unmanaged memory. The AdaptixC2 shellcode is then copied into the allocated memory and changes the memory protection attributes of the allocated memory region via VirtualProtect to 0x40 (PAGE_EXECUTE_READWRITE). This enables the execution of the shellcode.
• Executing shellcode via dynamic invocation: As in the previous case, the attacker used GetDelegateForFunctionPointer to create a delegate instance that points to the beginning of the shellcode in memory. The attacker then used the Invoke() method to execute the shellcode, launching the in-memory beacon.
• DLL hijacking persistence: The script targets the APPDATA\Microsoft\Windows\Templates directory for DLL hijacking, using msimg32.dll. This DLL is also a beacon version.
• Persistence via registry run key: The script creates a registry entry in the run key named “Updater,” with a PowerShell command that executes the loader.ps1 script. This ensures that the loader.ps1 script runs every time the user logs in, to execute the beacon.

AI Script Generation

The structure and composition of this PowerShell script strongly suggests that the attacker used AI-assisted generation. The following stylistic elements are commonly observed in code generated by AI tools:

• Verbose, numbered comments:
  • "# === [1] Download and decode shellcode ==="
• Check mark icons in the output message:
  • Write-Output "[✔] Persistence set via Run key and DLL hijack DLL dropped to $templatesPath"

We assess with high confidence that the code was generated with the assistance of AI. This is based on the factors above, as well as evidence gathered from the attacker’s server and results extracted from two separate AI detectors.

AI tools without sufficient guardrails can let attackers rapidly develop malicious code, making it easier to execute operations in infected networks.

Similarities Between the Cases

A consistent pattern emerged across both of these incidents:

• PowerShell-based loaders
  • Threat actors used these loaders to deploy the AdaptixC2 beacon, prioritizing stealth and persistent access.
• Downloading a payload from a remote server and executing it in memory
  • Using a legitimate resource helped the attackers to stay under the radar, by minimizing detectable traces on disk.
• Relying on .NET capabilities for memory allocation and dynamic invocation
  • Threat actors leveraged built-in system functionalities like the GetDelegateForFunctionPointer method to execute shellcode, for efficiency and stealth.
• Preventing beacon removal with persistence mechanisms
  • While the first script relied solely on a shortcut in the startup folder for persistence, the second added DLL hijacking.
  • This gives attackers more ways to stay on the compromised system.
• Using similar naming conventions for scripts and run keys
  • In one case, the attackers named the malicious script update.ps1. In another case, the run key for persistence was called Updater.
  • This naming helps scripts and keys to blend in with legitimate system processes.

Increasing Prevalence of AdaptixC2 Framework

Our telemetry and threat intelligence show that AdaptixC2 is becoming more common. We continue to identify new AdaptixC2 servers, suggesting that more threat actors are adopting this framework as part of their attack toolkit.

This trend extends beyond typical post-exploitation scenarios. For example, attackers deployed Fog ransomware alongside AdaptixC2 in a recent attack on a financial institution in Asia. This shows that AdaptixC2 is versatile and can be used with other malicious tools, like ransomware, to achieve broader objectives.

Conclusion

AdaptixC2 is an adaptable threat, which is shown by its increasing popularity with threat actors and the complexity of its deployment techniques. The framework’s modularity, combined with the potential for AI-assisted code generation, could allow threat actors to rapidly evolve their tactics. Security teams must remain aware of AdaptixC2’s capabilities and proactively adapt their defenses to counter this threat.

Palo Alto Networks customers are better protected from the threats discussed above through the following products and services:

• Advanced URL Filtering and Advanced DNS Security identify known domains and URLs associated with this activity as malicious.
• Advanced Threat Prevention has an inbuilt machine learning-based detection that can detect exploits in real time.
• TheAdvanced WildFire machine-learning models and analysis techniques have been reviewed and updated in light of the indicators shared in this research.
• Cortex XDR and XSIAM help prevent malware by employing the Malware Prevention Engine. This approach combines several layers of protection designed to prevent both known and unknown malware from causing harm to your endpoints. The mitigation techniques that the Malware Prevention Engine employs vary by endpoint type.

If you think you may have been compromised or have an urgent matter, get in touch with the Unit 42 Incident Response team or call:

• North America: Toll Free: +1 (866) 486-4842 (866.4.UNIT42)
• UK: +44.20.3743.3660
• Europe and Middle East: +31.20.299.3130
• Asia: +65.6983.8730
• Japan: +81.50.1790.0200
• Australia: +61.2.4062.7950
• India: 00080005045107

Palo Alto Networks has shared these findings with our fellow Cyber Threat Alliance (CTA) members. CTA members use this intelligence to rapidly deploy protections to their customers and to systematically disrupt malicious cyber actors. Learn more about the Cyber Threat Alliance.

Indicators of Compromise

Yara Rules

Defenders can use these Yara rules to check for the presence of AdaptixC2 beacons on machines.

AdaptixC2 HTTP/SMB/TCP Beacon

AdaptixC2 Go Beacon

AdaptixC2 Loader

Hunting Rules

• Query description: The following XQL query hunts for phishing activity conducted via the Teams application that leads to RMM execution. These attributes are commonly targeted by attackers to deploy AdaptixC2 beacons.
• Investigation notes: Start by checking the User Session Title. Look for RMM tool execution and child process or file creation using the RMM tool. Look for alerts or suspicious executions such as cmd or PowerShell by the compromised user (actor_effective_username).

Configuration Extractor Example

The following code is an example of a configuration extractor that extracts configurations from HTTP beacon files.

Additional Resources

• AdaptixC2 – GitHub
• Fog Ransomware: Unusual Toolset Used in Recent Attack – Symantec
• 2025 Unit 42 Global Incident Response Report: Social Engineering Edition – Unit 42
• What is Phishing – Palo Alto Networks
• What is RMM – ManageEngine
• What Are Fileless Malware Attacks – Palo Alto Networks
• DLL Hijacking Techniques – Unit 42
• Unit 42 Develops Agentic AI Attack Framework – Palo Alto Networks
• Marshal.GetDelegateForFunctionPointer Method – Microsoft Docs
• Invoke-RestMethod (PowerShell) – Microsoft Docs
• VirtualProtect function – Microsoft Docs
• Memory Protection Constants – Microsoft Docs
• MITRE ATT&CK T1547.001 – MITRE