Skip to content

Commit 5067f15

Browse files
github-actions[bot]github-actions[bot]
committed
1 parent 9324a55 commit 5067f15

File tree

1 file changed

+27
-0
lines changed

1 file changed

+27
-0
lines changed

_lolbas/Binaries/Sftp.md

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,27 @@
1+
---
2+
Name: Sftp.exe
3+
Description: sftp.exe is a Windows command-line utility that uses the Secure File Transfer Protocol (SFTP) to securely transfer files between a local machine and a remote server.
4+
Author: Swachchhanda Shrawan Poudel
5+
Created: 2025-05-13
6+
Commands:
7+
- Command: sftp -o ProxyCommand="{CMD}" .
8+
Description: "Spawns ssh.exe which in turn spawns the specified command line. See also this project's entry for ssh.exe."
9+
Usecase: Proxy execution of specified command, can be used as a defensive evasion.
10+
Category: Execute
11+
Privileges: User
12+
MitreID: T1202
13+
OperatingSystem: Windows 10, Windows 11
14+
Tags:
15+
- Execute: CMD
16+
Full_Path:
17+
- Path: C:\Windows\System32\OpenSSH\sftp.exe
18+
Detection:
19+
- IOC: sftp.exe executions with ProxyCommand on the command line
20+
- IOC: sftp.exe spawning ssh.exe with ProxyCommand on the command line
21+
- Sigma: https://github.com/SigmaHQ/sigma/pull/5414/files
22+
Resources:
23+
- Link: https://news.sophos.com/en-us/2025/05/09/lumma-stealer-coming-and-going/
24+
Acknowledgement:
25+
- Person: Swachchhanda Shrawan Poudel
26+
Handle: '@_swachchhanda_'
27+
---

0 commit comments

Comments
 (0)