infosecn1nja
/
MaliciousMacroGenerator
mirror of https://github.com/infosecn1nja/MaliciousMacroGenerator.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Malicious Macro Generator
18 Commits
3 Branches
0 Tags
144 KiB
VBA 84.8%
Python 15.2%
 
 
Go to file
Mr-Un1k0d3r 253caafa2f Add files via upload 2016-09-22 12:30:05 -04:00
examples Update domain-evasion.vba 2016-09-22 12:28:49 -04:00
templates Update domain-evasion.template 2016-09-22 12:29:16 -04:00
GenMacro.py Update GenMacro.py 2016-09-22 12:29:40 -04:00
README.md Update README.md 2016-09-22 09:33:19 -04:00
config.txt Add files via upload 2016-09-22 12:30:05 -04:00

README.md

MaliciousMacroGenerator

#Malicious Macro Generator Utility

Simple utility design to generate obfuscated macro that also include a AV / Sandbox escape trick

#Requirement

Python 2.7
Python 3.4 (Not supported yet)

#Usage

Usage: GenMacro.py [template] [domain] [offset] [payload] [output]

        template        Template macro
        domain          Target domain name (USERDOMAIN env variable value)
        offset          Encoding offset (default 3)
        payload         Payload to be executed
        output          Output filename
        
python GenMacro.py "base.vba" "RingZer0" 3 "cmd.exe /c ping ringzer0team.com" malicious.vba

#Evasion technique

The macro is fetching the USERDOMAIN environment variable and compare the value with a predefined one. If they match the final payload is executed.

The python script will also generate obfuscated code to avoid heuristic detection

#Credit

Mr.Un1k0d3r RingZer0 Team https://ringzer0team.com charles.hamilton@mandiant.com