XAMLDeserializationDropper
VBScript/VBA macro dropper that uses an XAML ObjectDataProvider deserialization attack. Function names are obfuscated with random word combinations (filmbothability, behaviormachineshells). The embedded payload is Base64-layered .NET IL bytecode. It also uses x:Static ConfigurationManager XAML injection.
Threat Profile
Type: Loader
Programming Language: VBScript
C2 Protocol: HTTP
First Seen: 2023
Targets
Global
Purpose / Capabilities
- Dropper/Loader
No C2 servers have been identified for this family yet.
Research Reports (1)
XAMLDeserializationDropper -- xABCDEFGHIJKLMNOPQRSTUVWX Random-Alphabet Name Cover, ObjectDataProvider MethodName Set XAML Deserialization Payload, filmbothability behaviormachineshells Random Word Combination VBScript Function Name Obfuscation, Base64-Layered Embedded .NET IL Bytecode | Critical
XAMLDeserializationDropper 237KB ASCII VBScript. xABCDEFGHIJKLMNOPQRSTUVWX random-alphabet name. ObjectDataProvider MethodName=Set XAML deserialization. filmbothability behaviormachineshells random-word VBScript functions. Base64 .NET IL bytecode.