Malicious Macro Generator
 
 
Mr-Un1k0d3r a70d95c021 Update GenMacro.py 2016-09-22 12:34:33 -04:00
configs Update generic-cmd-domain-evasion.json 2016-09-22 12:33:35 -04:00
examples Update domain-evasion.vba 2016-09-22 12:28:49 -04:00
templates Rename domain-evasion.template to generic-cmd-domain-evasion.vba 2016-09-22 12:34:15 -04:00
GenMacro.py Update GenMacro.py 2016-09-22 12:34:33 -04:00
README.md Update README.md 2016-09-22 12:32:54 -04:00

README.md

MaliciousMacroGenerator

# Malicious Macro Generator Utility

Simple utility designed to generate obfuscated macros that also include an AV / sandbox escape trick.

# Requirement

- Python 2.7
- Python 3.4 (Not supported yet)

# Usage

```
Usage: GenMacro.py [config] [output]

        config  Config file that contain generator information
        output  Output filename for the macro

python GenMacro.py configs/generic-cmd-domain-evasion.json malicious.vba
```

# Config file


# Evasion technique

The macro fetches the USERDOMAIN environment variable and compares its value with a predefined one. If they match, the final payload is executed.

The Python script also generates obfuscated code to avoid heuristic detection.
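
From the detection side, the environment check described above can be hunted for in VBA source extracted from a document. The following is an added example, not part of MaliciousMacroGenerator: the function names, the list of auto-run procedure names and the sample macro are assumptions constructed for illustration, and it assumes the variable name is at most split across string literals rather than built at run time.

```python
import re

AUTOEXEC = re.compile(r'^\s*(?:public\s+|private\s+)?sub\s+'
                      r'(auto_?open|auto_?exec|document_open|workbook_open)\b', re.I | re.M)
ENVIRON = re.compile(r'\benviron\$?\s*\(\s*"([^"]*)"\s*\)', re.I)
ASSIGN = re.compile(r'^\s*(\w+)\s*=\s*environ\$?\s*\(\s*"([^"]*)"\s*\)', re.I)
CONCAT = re.compile(r'"([^"]*)"\s*[&+]\s*"([^"]*)"')
# A trailing ' comment: skip complete string literals so apostrophes inside them survive.
COMMENT = re.compile(r'''^((?:[^"'\n]|"[^"\n]*")*)'.*$''', re.M)
CONDITION = re.compile(r'\s*(?:else)?if\b', re.I)

def normalize(src):
    """Join ' _' line continuations, strip comments, fold "a" & "b" into "ab"."""
    src = re.sub(r'[ \t]_[ \t]*\r?\n', ' ', src)
    src = COMMENT.sub(r'\1', src)
    prev = None
    while prev != src:
        prev, src = src, CONCAT.sub(lambda m: '"' + m.group(1) + m.group(2) + '"', src)
    return src

def find_env_gates(src):
    """Return (has_autoexec, [(env_var, condition_line), ...]) for one VBA module."""
    text = normalize(src)
    tainted, gates = {}, []   # tainted: variable name -> environment variable it holds
    for line in text.splitlines():
        assigned = ASSIGN.match(line)
        if assigned:
            tainted[assigned.group(1).lower()] = assigned.group(2).upper()
        elif CONDITION.match(line):
            direct = ENVIRON.search(line)
            env = direct.group(1).upper() if direct else next(
                (e for v, e in tainted.items()
                 if re.search(r'\b%s\b' % re.escape(v), line, re.I)), None)
            if env:
                gates.append((env, line.strip()))
    return bool(AUTOEXEC.search(text)), gates

# Constructed sample with a benign body: split string literal, indirect comparison.
SAMPLE = '''Sub AutoOpen()
    Dim d ' holds the domain
    d = Environ("USER" & _
        "DOMAIN")
    If d = "CORP" Then
        MsgBox "match"
    End If
End Sub
'''
```

A module that returns `True` together with a gate on USERDOMAIN, COMPUTERNAME or a similar variable is worth an analyst's attention, because a sandbox that does not match the expected value will never see the gated branch run.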

# Credit

Mr.Un1k0d3r RingZer0 Team https://ringzer0team.com charles.hamilton@mandiant.com