This repository contains analysis reports, technical details and tools created to help with malware analysis. It also contains extracted TTPs with code, along with the corresponding detection rules.
XLoader, an advanced evolution of the FormBook malware, stands out as a highly sophisticated cyber threat known for its dual role as an information stealer and a versatile downloader for malicious payloads. Notable for its resilience, XLoader constantly adopts the latest and most intricate evasion techniques, making it a formidable challenge for cybersecurity defenses. Its notoriety is heightened by its role as a commercial Malware-as-a-Service offering, enabling cybercriminals to tailor and deploy the malware for diverse malicious activities.
To match hashes, save any hash value you find in a sample to the hashes.txt file and it will be compared with the source strings that are available in the hash_sources.json file. If a match is found, it will be printed out.
TTP | Description | Code | Detection |
---|---|---|---|
Defense Evasion | XLoader 4.3 uses an ntdll unhooking technique called 'Lagos Island' to avoid detection by EDR solutions | Code | Rule/Query coming soon! |
 | XLoader 4.3 implements a highly advanced and unique obfuscation technique: the code in the binary's .text section is stored in encrypted form and is decrypted at run time | Code | Rule/Query coming soon! |
TTPs | More coming soon... | Code coming soon... | Rule/Query coming soon... |
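As an added example (not part of this repository's tooling), the static check below flags PE sections that are both executable and near-random, which is the footprint the encrypted .text technique listed above leaves on disk. The 7.0 bits/byte threshold and the hand-built sample image are assumptions; packed or compressed binaries trip the same check, so treat a hit as a triage lead rather than a verdict.

```python
import math
import struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE = 0x20000000
HIGH_ENTROPY = 7.0  # assumed threshold (bits/byte); tune against known-good binaries

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant data, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_sections(image: bytes):
    """Yield (name, characteristics, raw_bytes) for every section header in the image."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]          # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", image, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", image, pe_off + 20)[0]
    table = pe_off + 24 + opt_size                               # first IMAGE_SECTION_HEADER
    for i in range(num_sections):
        hdr = table + 40 * i
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)
        chars = struct.unpack_from("<I", image, hdr + 36)[0]
        yield name, chars, image[raw_ptr:raw_ptr + raw_size]

def suspicious_code_sections(image: bytes):
    """Return [(name, entropy)] for executable sections whose bytes look encrypted or packed."""
    hits = []
    for name, chars, raw in pe_sections(image):
        if chars & IMAGE_SCN_MEM_EXECUTE and raw:
            ent = shannon_entropy(raw)
            if ent >= HIGH_ENTROPY:
                hits.append((name, round(ent, 2)))
    return hits

def make_sample_image(text_raw: bytes) -> bytes:
    """Constructed test input: a minimal, non-runnable PE with one executable .text section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)            # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)
    raw_ptr = 64 + 24 + 40                                       # DOS + COFF + one section header
    sect = b".text".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", len(text_raw), 0x1000, len(text_raw), raw_ptr, 0, 0, 0, 0, 0x60000020)
    return dos + coff + sect + text_raw
```

Run it against a real sample with `suspicious_code_sections(open(path, "rb").read())`; an empty list means no executable section crossed the threshold.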
The artifacts and code of this repository are intended for educational purposes only!