Windows

Squirrel.exeSquirrel.exe

Platform
Windows
Abuse functions
5
Mapped techniques
1

Description

Squirrel.exe is a Windows living-off-the-land binary catalogued by the LOLBAS Project. Documented abuse functions: Download, AWL Bypass, Execute. Mapped ATT&CK techniques (per LOLBAS / GTFOBins → MITRE crosswalk): T1105, T1218. Defenders should monitor execution of Squirrel.exe under non-administrative or sudo contexts and alert when its arguments match the abuse-function signatures.

Abuse functions· 5

DownloadT1218

Download binary

AWL BypassT1218

Download and execute binary

ExecuteT1218

Download and execute binary

AWL BypassT1218

Download and execute binary

ExecuteT1218

Download and execute binary

MITRE ATT&CK techniques· 1

T1218

Uses1

TypeTargetConfidenceTier
TechniqueSystem Binary Proxy Executiont1218100%live

Abuses2

TypeTargetConfidenceTier
TechniqueSystem Binary Proxy Executiont121885%live
TechniqueIngress Tool Transfert110585%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

LOLbin
Query.exe
LOLbin
Sc.exe
LOLbin
Remote.exe
LOLbin
Wsl.exe
LOLbin
Tracker.exe
LOLbin
At.exe
Sourced from LOLBAS Project. Curated by Adam Lundqvist, SQUR.