2026-04-16 –, Amphitheater
XLoader is an actively developed rebrand of the well-known Formbook information stealer. First appearing in 2020, XLoader builds on the strengths of its predecessor with a particular focus on improving the build engine to complicate analysis and large-scale IOC extraction. Addressing this challenge is crucial for organizations aiming to track XLoader at scale.
This talk brings together presenters from Check Point and Intel 471, each using distinct methodologies and tooling to build reliable tracking for XLoader. Intel 471’s approach is primarily based on manual reverse engineering, while Check Point’s approach combines generative AI with targeted manual analysis to accelerate this process.
The talk is intended to serve as a reference for reverse engineers seeking a practical entry point into automating XLoader tracking, with a focus on configuration extraction and C2 communications.
Alexey Bukhteyev is a security researcher at Check Point Software Technologies, driven by a long-standing interest in understanding how software systems work and how they fail under attack. With extensive experience in malware analysis and threat research, he focuses on uncovering new threats and developing effective defenses against malware and related attacks. His work spans malware analysis at scale, operating system security, and privacy-focused investigations, with a particular interest in applying generative AI to accelerate research workflows. Alexey has presented his work at security conferences including Virus Bulletin and Botconf.
Souhail Hammou is a reverse engineer and vulnerability researcher with a background in software engineering. Currently serving as a principal reverse engineer with the Intel 471 Malware Intelligence team, he specializes in analyzing emerging threats, maintaining malware tracking systems and conducting in-depth research. Souhail has presented research on malware reversing and tracking at previous editions of Botconf as well as at other international conferences.