[New Tool] Powershell Payload Excel Delivery

A method of delivering a powershell payload via an excel macro. It contains malware characteristics, such as a self-deleting batch file and automatic persistence on the system.

This is a VBA macro that uses Matt Graeber’s Invoke-Shellcode to execute a powershell payload in memory as well as schedule a task for persistence.

Please note that the powershell commands in the macro can be encoded.

For this to work, Invoke-Shellcode needs to be accessible by the target.

HUGE thanks to Matthew Graeber (@mattifestation) for writing Invoke-Shellcode. You can find his great work over at https://github.com/mattifestation.

[button size=medium style=round color=red align=none url=https://github.com/enigma0x3/Powershell-payload-Excel-Delivery ]Get the code [/button]

Tool submitted by its author Matt Nelson

NJ Ouchn

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"

[New Tool] Powershell Payload Excel Delivery

NJ Ouchn

Strengthening Security: ToolsWatch Welcomes Dr. Magda Lilia Chelly and Vivek Ramachandran to Black Hat Arsenal’s Board of Review

GISEC Armory Edition 1 Dubai 2024 – Call For Tools is Open

Black Hat Arsenal 2024 Next Stop Singapore !

ToolsWatch introducing Armory at Gisec 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community

Copyright

Latest posts