[New Tool] Powershell Payload Excel Delivery
A method of delivering a powershell payload via an excel macro. It contains malware characteristics, such as a self-deleting batch file and automatic persistence on the system.
This is a VBA macro that uses Matt Graeber’s Invoke-Shellcode to execute a powershell payload in memory as well as schedule a task for persistence.
Please note that the powershell commands in the macro can be encoded.
For this to work, Invoke-Shellcode needs to be accessible by the target.
HUGE thanks to Matthew Graeber (@mattifestation) for writing Invoke-Shellcode. You can find his great work over at https://github.com/mattifestation.
[button size=medium style=round color=red align=none url=https://github.com/enigma0x3/Powershell-payload-Excel-Delivery ]Get the code [/button]
Tool submitted by its author Matt Nelson