MaliciousMacroGenerator
Category: collect
Development tool: Visual Basic .NET
File size: 0KB
Downloads: 0
Upload date: 2019-04-17 19:47:38
Uploader: sh-1993
Description: Malicious Macro Generator
File list:
LICENSE.md (33191, 2019-04-17)
MMG.py (1365, 2019-04-17)
TEMPLATE.md (2228, 2019-04-17)
configs/ (0, 2019-04-17)
configs/dotnettojs-domain-evasion.json (781, 2019-04-17)
configs/generic-cmd-evasion.json (350, 2019-04-17)
configs/generic-cmd.json (296, 2019-04-17)
configs/recon-rename-wmi-cmd-evasion.json (639, 2019-04-17)
configs/recon.json (281, 2019-04-17)
configs/wmi-cmd-evasion-domain.json (385, 2019-04-17)
configs/wmi-cmd-evasion-process.json (390, 2019-04-17)
configs/wmi-cmd.json (361, 2019-04-17)
configs/wmi-evasion-uptime.json (368, 2019-04-17)
configs/wmi-msbuild-evasion-domain.json (422, 2019-04-17)
examples/ (0, 2019-04-17)
examples/generic-cmd-evasion.vba (3426, 2019-04-17)
lib/ (0, 2019-04-17)
lib/__init__.py (0, 2019-04-17)
lib/encoder.py (5829, 2019-04-17)
lib/helper.py (3432, 2019-04-17)
templates/ (0, 2019-04-17)
templates/evasions/ (0, 2019-04-17)
templates/evasions/diskcheck.vba (880, 2019-04-17)
templates/evasions/domain.vba (1918, 2019-04-17)
templates/evasions/encoder.vba (302, 2019-04-17)
templates/evasions/hex-decode.vba (226, 2019-04-17)
templates/evasions/none.vba (123, 2019-04-17)
templates/evasions/password.vba (313, 2019-04-17)
templates/evasions/process.vba (1548, 2019-04-17)
templates/evasions/uptime.vba (1149, 2019-04-17)
templates/payloads/ (0, 2019-04-17)
templates/payloads/dotnettojs-evasion-template.vba (21119, 2019-04-17)
templates/payloads/generic-cmd-evasion-template.vba (941, 2019-04-17)
templates/payloads/generic-cmd-template.vba (849, 2019-04-17)
templates/payloads/recon-rename-wmi-cmd-evasion.vba (3717, 2019-04-17)
templates/payloads/recon-template.vba (2292, 2019-04-17)
templates/payloads/wmi-evasion-domain-template.vba (1763, 2019-04-17)
templates/payloads/wmi-evasion-process-template.vba (1548, 2019-04-17)
templates/payloads/wmi-evasion-uptime-template.vba (1758, 2019-04-17)
... ...
# Malicious Macro Generator Utility
A simple utility designed to generate obfuscated macros that also include an AV / sandbox evasion mechanism.
# Requirement
```
Python 2.7
```
# Usage
```
MMG.Malicious Macro Generator v2.0 - RingZer0 Team
Author: Mr.Un1k0d3r mr.un1k0d3r@gmail.com

Usage: MMG.py [config] [output] (optional parameters)

    [config]              Config file that contain generator information
    [output]              Output filename for the macro
    -l --list             List of all available payloads and evasion techniques
    -s --split_strings    Randomly split strings at parts
    -x --strings_to_hex   Encode strings to hex

python MMG.py configs/generic-cmd.json malicious.vba
```
# Config file
Example of a project config file.
```
{
    "description": "Generic command exec payload\nEvasion technique set to domain check",
    "template": "templates/payloads/generic-cmd-evasion-template.vba",
    "varcount": 150,
    "encodingoffset": 4,
    "chunksize": 200,
    "encodedvars": {
        "DOMAIN": "RINGZER0"
    },
    "vars": [],
    "evasion": ["encoder", "domain"],
    "payload": "cmd.exe /c whoami"
}
```
# Evasion techniques
###### Domain check
The macro fetches the USERDOMAIN environment variable and compares its value with a predefined one. If they match, the final payload is executed.
###### Disk check
The macro looks up the total disk space. VMs and test machines use small disks most of the time.
###### Memory check
The macro looks up the total memory size. VMs and test machines use fewer resources.
###### Uptime check
The macro looks up the system uptime. Sandboxes will return a short uptime.
###### Process check
The macro checks whether a specific process is running (for example, outlook.exe).
###### Obfuscation
The Python script will also generate obfuscated code to avoid heuristic detection.
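For defenders, the checks listed above are themselves a triage signal: a document macro that inspects the domain, disk, memory, uptime or process list before acting deserves a closer look. The Python 3 sketch below is an added example, not code from this project; it undoes string splitting and hex-encoded literals before matching. The regex patterns, the plain hex-pair encoding and the `Hx` decoder name in the sample are assumptions, not taken from the tool's templates.

```python
import re

# Assumed VBA/WMI idioms for the checks the README names (not the tool's templates).
CHECKS = {
    "domain":  r'Environ\$?\s*\(\s*"USERDOMAIN"\s*\)',
    "disk":    r"Win32_LogicalDisk|Win32_DiskDrive",
    "memory":  r"TotalPhysicalMemory|Win32_PhysicalMemory",
    "uptime":  r"LastBootUpTime|GetTickCount",
    "process": r"Win32_Process\b",
}
AUTOEXEC = re.compile(r"\bSub\s+(Auto_?Open|Document_Open|Workbook_Open)\b", re.I)
CONCAT = re.compile(r'"([^"\r\n]*)"\s*[&+]\s*"([^"\r\n]*)"')
HEXLIT = re.compile(r'"((?:[0-9A-Fa-f]{2}){4,})"')


def _unhex(match):
    # Decode an all-hex string literal only if it yields printable ASCII.
    raw = bytes.fromhex(match.group(1))
    if all(32 <= b < 127 and b != 0x22 for b in raw):
        return '"%s"' % raw.decode("ascii")
    return match.group(0)


def normalize(source):
    """Heuristically undo split strings and hex-encoded literals before matching."""
    text = re.sub(r"[ \t]_\r?\n\s*", " ", source)  # join VBA line continuations
    prev = None
    while prev != text:  # collapse "ab" & "cd" -> "abcd" until stable
        prev = text
        text = CONCAT.sub(lambda m: '"%s%s"' % (m.group(1), m.group(2)), text)
    return HEXLIT.sub(_unhex, text)


def triage(source):
    """Report which environment checks and auto-run entry points a macro contains."""
    text = normalize(source)
    checks = sorted(n for n, pat in CHECKS.items() if re.search(pat, text, re.I))
    entry = sorted({m.group(1) for m in AUTOEXEC.finditer(text)})
    return {"checks": checks, "autoexec": entry}


# Constructed sample for this example; Hx is a hypothetical decoder name, no payload.
SAMPLE = '''Sub AutoOpen()
    d = Environ("USER" & "DOM" & "AIN")
    Set p = GetObject("winmgmts:").InstancesOf(Hx("57696e33325f50726f63657373"))
End Sub
'''

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A plain search of the sample for `USERDOMAIN` or `Win32_Process` finds nothing; both only appear after normalization, which is why the matching runs on the normalized text.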
###### More to come
# Credit
Mr.Un1k0d3r RingZer0 Team
https://ringzer0team.com