Souhail Hammou

Souhail Hammou is a reverse engineer and vulnerability researcher with a background in software engineering. Currently serving as a principal reverse engineer with the Intel 471 Malware Intelligence team, he specializes in analyzing emerging threats, maintaining malware tracking systems and conducting in-depth research. Souhail has presented research on malware reversing and tracking at previous editions of Botconf as well as at other international conferences.


Session

04-16
11:00
45min
Chasing XLoader: Tracking a Notoriously Complex Malware Family at Scale
Alexey Bukhteyev, Souhail Hammou

XLoader is an actively developed rebrand of the well-known Formbook information stealer. First appearing in 2020, XLoader builds on the strengths of its predecessor with a particular focus on improving the build engine to complicate analysis and large-scale IOC extraction. Addressing this challenge is crucial for organizations aiming to track XLoader at scale.

This talk brings together presenters from Check Point and Intel 471, each using distinct methodologies and tooling to build reliable tracking for XLoader. Intel 471’s approach is primarily based on manual reverse engineering, while Check Point’s approach combines generative AI with targeted manual analysis to accelerate this process.

The talk is intended to serve as a reference for reverse engineers seeking a practical entry point into automating XLoader tracking, with a focus on configuration extraction and C2 communications.

Main conference
Amphitheater