BoobSnail: generating Excel 4.0 XLM macro
BoobSnail allows generating XLM (Excel 4.0) macro. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation. Features:
- various infection techniques;
- various obfuscation techniques;
- translation of formulas into languages other than English;
- can be used as a library – you can easily write your own generator.
git clone https://github.com/STMSolutions/boobsnail.git
pip install -r requirements.txt
Generate obfuscated macro that injects x64 or x86 shellcode:
python boobsnail.py Excel4NtDonutGenerator –inputx86 <PATH_TO_SHELLCODE> –inputx64 <PATH_TO_SHELLCODE> –out boobsnail.csv
Generate obfuscated macro that runs calc.exe:
python boobsnail.py Excel4ExecGenerator –cmd “powershell.exe -c calc.exe” –out boobsnail.csv
Saving output in Excel
- Dump output to CSV file.
- Copy content of CSV file.
- Run Excel and create a new worksheet.
- Add new Excel 4.0 Macro (right-click on Sheet1 -> Insert -> MS Excel 4.0 Macro).
- Paste the content in cell A1 or R1C1.
- Click Data -> Text to Columns.
- Click Next -> Set Semicolon as separator and click Finish.
BoobSnail shares the excel4lib library that allows creating your own Excel4 macro generator. excel4lib contains few classes that could be used during writing generator:
- excel4lib.macro.Excel4Macro – allows to defining Excel4 formulas, values variables;
- excel4lib.macro.obfuscator.Excel4Obfuscator – allows to obfuscate created instructions in Excel4Macro;
- excel4lib.lang.Excel4Translator – allows translating formulas to another language.
The main idea of this library is to represent Excel4 formulas, variables, formulas arguments, and values as python objects. Thanks to that you are able to change instructions attributes such as formulas or variables names, values, addresses, etc. in an easy way.
Copyright (c) 2021 STM Cyber