How does SILENTTRINITY execute its payload using msbuild?
SILENTTRINITY uses its msbuild stager to run C# code from an XML file via the "Inline Tasks" feature in .NET Framework 4.0. The msbuild.xml file contains a base64-encoded, encrypted payload that is decoded and used to load the SILENTTRINITY binary into memory without touching disk. This technique is similar to other abuses of trusted tools, as discussed in Penetration Basics - Backdoor Implementation Using VMware Tools.
msbuild, stager, Inline Tasks, C#, memory execution
Source: SILENTTRINITY Usage Analysis