VBSNetLoader
VBScript-based .NET BinaryFormatter deserialization loader. Hundreds of randomly named VBS functions hold fragments of the Base64 payload. The parts are combined and deserialized with .NET BinaryFormatter. It loads the Microsoft.PowerShell.Editor and System.Windows.Forms assemblies. The C2 is hidden in the .NET assembly.
Threat Profile
Type: Loader
Programming Language: VBScript/.NET
C2 Protocol: custom
First Seen: 2024
Targets
Global
Purpose / Capabilities
- Second-stage .NET Assembly Loader
No C2 servers have been identified for this family yet.