XAMLDeserializationDropper

VBScript/VBA macro dropper with XAML ObjectDataProvider deserialization attack. Random-word-combo function name obfuscation (filmbothability, behaviormachineshells). Base64-layered .NET IL bytecode embedded payload. x:Static ConfigurationManager XAML injection.

Threat Profile
Type: Loader
Programming Language: VBScript
C2 Protocol: HTTP
First Seen: 2023
Targets: Global
Purpose / Capabilities
  • Dropper/Loader
No C2 servers have been identified for this family yet.

Research Reports (1)

Critical

XAMLDeserializationDropper -- xABCDEFGHIJKLMNOPQRSTUVWX Random-Alphabet Name Masking, ObjectDataProvider MethodName Set XAML Deserialization Payload, filmbothability behaviormachineshells Random Word Combination VBScript Function Name Obfuscation, Base64-Layered .NET IL Bytecode Embedded | Critical

XAMLDeserializationDropper 237KB ASCII VBScript. xABCDEFGHIJKLMNOPQRSTUVWX random-alphabet name. ObjectDataProvider MethodName=Set XAML deserialization. filmbothability behaviormachineshells random-word VBScript function. Base64 .NET IL bytecode.
