ARS VBS Loader (cd6527d1-17a7-4825-8b4b-56e113d0efb1)
ARS VBS Loader not only downloads and executes malicious code, but also includes a command and control application written in PHP that allows a botmaster to issue commands to a victim's machine. This behavior likens ARS VBS Loader to a remote access Trojan (RAT), giving it behavior and capabilities rarely seen in malicious "loaders".
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| ARS VBS Loader (cd6527d1-17a7-4825-8b4b-56e113d0efb1) | RAT | ARS VBS Loader (1a4f99cc-c078-41f8-9749-e1dc524fc795) | Malpedia | 1 |