Also at https://cstaipas\.pt/encrypt, though this one is #xloader, a fake c2 at: http://www.emberfmeadowzu\.store/jmy3/

#CheckPoint Research demonstrated a new way to use #ChatGPT for #malware analysis directly from the web interface, analyzing #XLoader malware. The workflow using exported IDA data enables static analysis, rapid decryption, IoC extraction, and hidden C2 discovery.

https://research.checkpoint.com/2025/generative-ai-for-reverse-engineering/

Leveraging Generative AI to Reverse Engineer XLoader

Check Point Research succeeded in understanding the infamous malware family, Xloader, by leveraging Generative AI

Check Point Research

#malware #opendir #xloader (small one works, big one not so much) at:

https://royfils\.com/encrypt/

2cd9b8fb88e7cbbc5c049441fb61e0aea7be23dc7aa2c109c13abefe7a2ac943

4733feaca04e871d4e0bb052f2437a2f46f10852602ea4f8b2f0170f4838dd87

🤺 AI vs. XLoader: Guess who’s winning?

#CheckPoint Research used generative AI to tear through #XLoader, one of the most encrypted, evasive malware strains — uncovering its secrets in mere hours.

And here’s the twist: It all happened with #ChatGPT. No heavy tooling. No waiting.

#AI is changing the rules of malware analysis, and the race just shifted in our favor: https://blog.checkpoint.com/research/cracking-xloader-with-ai-how-generative-models-accelerate-malware-analysis

#CyberSecurity #AIsecurity

2025-08-11 (Monday): Quick post of an #XLoader ( #Formbook ) infection, with a #pcap, email, and #malware sample available at https://www.malware-traffic-analysis.net/2025/08/11/index.html

First time seeing SellOnEtsy UA for #xloader 🙃

First time I've seen #xloader use @tumblr for traffic noise:

https://www.joesandbox.com/analysis/1704731/0/iochtml#urls

Automated Malware Analysis - Joe Sandbox IOC Report

2025-02-26 (Wednesday): #XLoader (#Formbook) distributed through #malspam. The email has an attached PDF document. The PDF has links for a ZIP download, and the ZIP contains files that use DLL side-loading for XLoader.

https://bit.ly/4bgKRU8

Unit42-timely-threat-intel/2025-02-26-IOCs-for-XLoader-infection.txt at main · PaloAltoNetworks/Unit42-timely-threat-intel

A collection of files with indicators supporting social media posts from Palo Alto Network's Unit 42 team to disseminate timely threat intelligence. - PaloAltoNetworks/Unit42-timely-threat-intel

GitHub

Social media post I wrote for my employer on other platforms: 2025-02-26 (Wednesday): #XLoader (#Formbook) distributed through #malspam.

The email has an attached PDF document. The PDF has links for a ZIP download, and the ZIP contains files using DLL side-loading for XLoader.

Details at https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-02-26-IOCs-for-XLoader-infection.txt
