[New Tool] Powershell Payload Excel Delivery

A method of delivering a powershell payload via an excel macro. It contains malware characteristics, such as a self-deleting batch file and automatic persistence on the system.

This is a VBA macro that uses Matt Graeber’s Invoke-Shellcode to execute a powershell payload in memory as well as schedule a task for persistence.

Please note that the powershell commands in the macro can be encoded.

For this to work, Invoke-Shellcode needs to be accessible by the target.

HUGE thanks to Matthew Graeber (@mattifestation) for writing Invoke-Shellcode. You can find his great work over at https://github.com/mattifestation.

[button size=medium style=round color=red align=none url=https://github.com/enigma0x3/Powershell-payload-Excel-Delivery ]Get the code [/button]

Tool submitted by its author Matt Nelson


NJ Ouchn

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"