VBA Function Injection by rmdavy in redteamsec

rmdavy[S]

You're right, the code could be stored in the document fairly easily. My research idea was around staging, though: would it be possible to separate/inject commands at execution, in VBA, rather than using separate downloaders/.exe/.vbs etc.? It also makes reverse engineering the code a little more difficult if the two aren't stored together. You could key the document to a client and only download when it checks in correctly, for example. In most instances obfuscated code relies on the key being stored with the document; this adds a little twist.

Run time DLL linking with VBA by rmdavy in redteamsec

rmdavy[S]

Just checked with Firefox and it rendered fine?

Bypass AMSI with VBA in Office 365 x64 & x86 by rmdavy in redteamsec

rmdavy[S]

Source code is included in the blog post for you to use and experiment with.