Technical Analysis of Xloader’s Code Obfuscation in Version 4.3
released on 2023-04-05 @ 09:09:04 AM
Xloader is a rebranded version of an info-stealer called “Formbook”. This malware family has been updated consistently. Xloader has pivoted into a malware-as-a-service business model, renting C2 infrastructure to customers. Version 4.3 of Xloader malware has many obfuscation techniques including adding numerous layers of encryption with code that recursively decrypts other blocks of code until reaching the core functionality that decrypts the most sensitive data.