From Email to RAT: Deciphering a VB Script-Driven Campaign
ID: e6a80f23-36a3-5cf0-a0ea-affb0250dc0d
STIX ID: report--e6a80f23-36a3-5cf0-a0ea-affb0250dc0d
Feed Name: McAfee Labs Blog
McAfee Labs documents a global, multi-stage, VBS-led malware campaign that uses heavily obfuscated Visual Basic scripts and staged PowerShell to fetch and execute reflectively loaded shellcode, ultimately injecting and running Remcos RAT (and distributing AgentTesla, GuLoader, Xworm, Lokibot). The report provides technical disassembly of each stage, IOCs (hashes, URLs, IPs, mutex) and mitigation recommendations.
