The CrossC2 framework generates obfuscated Cobalt Strike payloads for Unix-like systems. These payloads contain encrypted configurations and potentially Malleable C2 profiles within an appended overlay. The payload itself may be packed with UPX and further obfuscated with techniques like LLVM string encryption. The configurations are encrypted using AES-128 CBC with a hardcoded key and IV.