Botconf Author Listing

Alexey Bukhteyev

Last known affiliation: Check Point
Bio: Alexey Bukhteyev is a malware reverse engineer at Check Point Software Technologies. He specializes in malware research automation, Windows kernel mode development and macOS emulation. He also researches inside malware with the help of disassemblers, debuggers, and other tools. His final goal is to say what a researched piece of malware does and how it does it.
Date: 2022-04-28
How Formbook became XLoader and migrated to macOS
Alexey Bukhteyev 🗣 | Raman Ladutska 🗣

Abstract:

In this talk we analyze the prevalent malware family Formbook and its successor XLoader from different angles, including OSINT and technical sides. XLoader is a logical step in Formbook's evolution; it is now able to target not only Windows but macOS as well.

Our aim is to help the listeners understand how the malware topped up prevalence lists, which approaches and tools to use for the analysis of this and other cases and how to stay protected from this threat.

Date: 2024-04-25
Unveiling the Shadows: The Dark Alliance between GuLoader and Remcos
Alexey Bukhteyev 🗣 | Arie Olshtein

Abstract:

In the ever-evolving landscape of cyber threats, seemingly legitimate tools have taken a dark turn, emerging as potent weapons in the hands of cybercriminals. Notable examples include the Remcos RAT and GuLoader (also known as CloudEyE Protector). Our recent study establishes a strong link between these dual-use agents. While Remcos is easily detected by antivirus solutions, rendering it challenging for criminal purposes, GuLoader provides a means to bypass anti-virus protection seamlessly.

GuLoader, recognized as a shellcode-based loader, facilitates malware evasion of antivirus defenses and utilizes cloud services for encrypted payload storage. In 2020, we exposed a direct connection between GuLoader and CloudEyE Protector, initially presented as a legitimate software protection tool. Subsequently, CloudEyE advertisements nearly vanished from the web, prompting us to question whether CloudEyE Protector reemerged under a new guise.
