System Binary Proxy Execution: Odbcconf (T1218.008)

Tactic: Stealth · Platforms: Windows

The interactive view maps 1 detection strategy, 2 mitigations, 1 threat group, 2 software entries to this technique, alongside D3FEND countermeasures and data-component coverage.

Sub-technique of System Binary Proxy Execution (T1218).

Overview

Adversaries may abuse odbcconf.exe to proxy execution of malicious payloads. Odbcconf.exe is a Windows utility that allows you to configure Open Database Connectivity (ODBC) drivers and data source names. The Odbcconf.exe binary may be digitally signed by Microsoft.

Adversaries may abuse odbcconf.exe to bypass application control solutions that do not account for its potential abuse. Similar to Regsvr32, odbcconf.exe has a REGSVR flag that can be misused to execute DLLs (ex: odbcconf.exe /S /A {REGSVR "C:\Users\Public\file.dll"}).

Explore