Vmonkey

HTB-oBfsC4t10n

February 20, 2026

Malware Analysis Shellcode Analysis Sandbox Windows VBA HTA Process Injection Olevba Vmonkey Scdbg

A phishing HTML file masquerading as an invoice delivers a macro-enabled Excel workbook that drops and executes a multi-stage obfuscated HTA payload, ultimately injecting a reverse shell shellcode into rundll32.exe and establishing a C2 connection.

↑