Bginfo.exe

Platform: Windows
Abuse functions: 6
Mapped techniques: 1

Description

Bginfo.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: Execute, AWL Bypass. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1218. Defenders should monitor execution of Bginfo.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions · 6

Execute (T1218)

Local execution of VBScript

AWL Bypass (T1218)

Local execution of VBScript

Execute (T1218)

Remote execution of VBScript

AWL Bypass (T1218)

Remote execution of VBScript

Execute (T1218)

Remote execution of VBScript

AWL Bypass (T1218)

Remote execution of VBScript

MITRE ATT&CK techniques · 1

T1218

Uses · 1

Type | Target | Confidence | Tier
Technique | System Binary Proxy Execution (t1218) | 100% | live

Abuses · 1

Type | Target | Confidence | Tier
Technique | System Binary Proxy Execution (t1218) | 85% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin: Bash.exe
LOLbin: Vshadow.exe
LOLbin: wbemtest.exe
LOLbin: Bcp.exe
LOLbin: Manage-bde.wsf
LOLbin: winfile.exe

Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.