DropperBAT
Ultra-compact (326-byte) BAT dropper. LOLBins used: curl, rundll32, ping, type. It downloads 02.dll and qd_x86.exe from the fake update server upd5.pro. Trace removal: the DLL is overwritten with conhost.exe.
Threat Profile
Type: Loader
Programming Language: Batch
C2 Protocol: HTTPS
First Seen: 2025
Targets: Global
Purpose / Capabilities
- Dropper/Loader
No C2 servers have been identified for this family yet.
Research Reports (1)
DropperBAT 3b3bd812 -- upd5pro curl-02dll rundll32-checkit qd_x86exe ping-sandbox-evasion conhost-overwrite-trace-deletion LOLBins | High
DropperBAT 3b3bd812, 326 bytes. curl upd5.pro/update/02.dll + rundll32.exe checkit. qd_x86.exe. Sandbox: ping -n 5. Trace removal: conhost.exe overwrite. LOLBins technique.