Malware

HATVIBE

According to Sekoia, the aim of this backdoor is to receive VBS modules for execution from a remote C2 server. Once received, HATVIBE decrypts each module with a simple XOR algorithm and concatenates it between two <script> tags before adding it to the HTML body of the HTA file, which leads to the automatic execution of the received module.


Family metadata imported from Malpedia (Fraunhofer FKIE).