MMG – Malicious Macro Generator Utility

Mr.Un1k0d3r from RingZer0 Team created MMG (Malicious Macro Generator), a simple and useful Python tool designed to generate obfuscated macros that also include an AV / sandbox evasion mechanism.

This can be used during a penetration test or a red team engagement to verify the endpoint security software's protection and the type of detection mechanism deployed with the agent. The tool supports several evasion mechanisms, allowing the user to test different attack scenarios.


The evasion techniques used by this tool are:

  • Domain check – The macro fetches the USERDOMAIN environment variable and compares its value with a predefined one. If they match, the final payload is executed.
  • Disk check – The macro looks at the total disk space. VMs and test machines use small disks most of the time.
  • Memory check – The macro looks at the total memory size. VMs and test machines use fewer resources.
  • Uptime check – The macro looks at the system uptime. Sandboxes will return a short uptime.
  • Process check – The macro checks whether a specific process is running (for example outlook.exe).
  • Obfuscation – The Python script will also generate obfuscated code to avoid heuristic detection.
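From the defender's side, each of the checks above leaves a recognisable footprint in the macro source, so a static scan over extracted VBA can flag documents that probe their environment before doing anything else. The following added example (not MMG's own code) scores a macro by how many distinct evasion categories it contains; the VBA idioms the patterns match (Environ, WMI class names, GetTickCount, Chr() chains) and the two sample macros are assumptions constructed for this illustration.

```python
import re

# Heuristics for the sandbox/VM checks listed above. The VBA idioms matched
# here are assumed common spellings of each check, not MMG's own output.
EVASION_PATTERNS = {
    "domain_check": re.compile(r'Environ\s*\(\s*"USERDOMAIN"\s*\)', re.I),
    "disk_check": re.compile(r"Win32_LogicalDisk|\bTotalSize\b", re.I),
    "memory_check": re.compile(r"TotalPhysicalMemory|TotalVisibleMemorySize", re.I),
    "uptime_check": re.compile(r"GetTickCount|LastBootUpTime", re.I),
    "process_check": re.compile(r"\bWin32_Process\b", re.I),
    # three or more Chr(n) & Chr(n) & ... joined together: string obfuscation
    "obfuscation": re.compile(r"(?:Chr\s*\(\s*\d+\s*\)\s*&\s*){3,}", re.I),
}

def scan_macro(vba_source: str) -> dict:
    """Return a hit count per evasion category for one macro's source text."""
    return {name: len(rx.findall(vba_source)) for name, rx in EVASION_PATTERNS.items()}

def evasion_score(vba_source: str) -> int:
    """Number of distinct evasion categories present in the macro."""
    return sum(1 for hits in scan_macro(vba_source).values() if hits)

def classify(vba_source: str, threshold: int = 2) -> str:
    """Two or more distinct sandbox tells in one macro is a strong signal."""
    return "suspicious" if evasion_score(vba_source) >= threshold else "benign"

# Constructed sample: a macro carrying several of the checks described above.
EVASIVE_MACRO = r'''
Sub AutoOpen()
    If Environ("USERDOMAIN") <> "CORP" Then Exit Sub
    If GetTickCount < 600000 Then Exit Sub
    For Each cs In GetObject("winmgmts:").InstancesOf("Win32_ComputerSystem")
        If cs.TotalPhysicalMemory < 4000000000# Then Exit Sub
    Next
    For Each p In GetObject("winmgmts:").InstancesOf("Win32_Process")
        If LCase(p.Name) = "outlook.exe" Then found = True
    Next
    s = Chr(72) & Chr(101) & Chr(108) & Chr(108) & Chr(111)
End Sub
'''

# Constructed sample: an ordinary spreadsheet macro with no environment probes.
BENIGN_MACRO = r'''
Sub FormatReport()
    ActiveSheet.Range("A1:D1").Font.Bold = True
    ActiveSheet.Columns("A:D").AutoFit
End Sub
'''
```

Feed it VBA extracted from a document (for example with olevba) and treat any hit count as a pointer to the exact line worth reading, since a single WMI query is common in legitimate admin macros while several distinct probes together are not.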

You can read more about the tool and download it here: https://github.com/Mr-Un1k0d3r/MaliciousMacroGenerator
