Modiloader Malware Leveraging Cab Header Batch Files To Evade Detection
Summary: AhnLab Security Intelligence Center (ASEC) has identified a new malware distribution tactic that utilizes Microsoft Windows CAB header batch files to deploy the ModiLoader (DBatLoader) malware. This method cleverly disguises malicious files as legitimate purchase orders in phishing emails, circumventing traditional email security measures. The innovative file structure and execution process enable the malware to evade detection and deliver its payload effectively.

Threat Actor: Unknown | ModiLoader
Victim: Various organizations | phishing emails

Key points:

  • The use of CAB header batch files (*.cmd) allows the ModiLoader malware to bypass email security measures.
  • Phishing emails are disguised as purchase orders, exploiting human error and technical vulnerabilities.
  • The malware executes a three-step process, creating and launching an executable file in the system’s %temp% directory.
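
The extension/signature mismatch the tactic relies on can be checked at a mail gateway or on disk before the file ever reaches cmd.exe. The following is an added example, not code from ASEC or from the source article: it parses the fixed CAB CFHEADER layout and flags batch-script extensions whose content opens with the "MSCF" cabinet signature. The sample attachments, filenames and helper names are constructed for the example.

```python
import struct
from pathlib import Path

CAB_MAGIC = b"MSCF"                            # signature opening every Microsoft Cabinet file
CFHEADER = struct.Struct("<4sIIIIIBBHHHHH")    # fixed 36-byte CFHEADER layout
SCRIPT_EXTENSIONS = {".cmd", ".bat"}           # handed to cmd.exe when double-clicked


def parse_cab_header(data: bytes):
    """Return (cbCabinet, cFolders, cFiles) from a CFHEADER, or None if absent."""
    if len(data) < CFHEADER.size or data[:4] != CAB_MAGIC:
        return None
    fields = CFHEADER.unpack_from(data)
    # fields: signature, reserved1, cbCabinet, reserved2, coffFiles, reserved3,
    #         versionMinor, versionMajor, cFolders, cFiles, flags, setID, iCabinet
    return fields[2], fields[8], fields[9]


def is_suspicious_batch(name: str, data: bytes) -> bool:
    """True when a file with a batch-script extension starts with a CAB header.
    A genuine batch file is plain text, so the signature is the disguise."""
    return Path(name).suffix.lower() in SCRIPT_EXTENSIONS and parse_cab_header(data) is not None


def scan_attachments(attachments: dict) -> list:
    """Return the names of attachments that match the mismatch, in input order."""
    return [name for name, data in attachments.items() if is_suspicious_batch(name, data)]


def build_cab_header(cb_cabinet: int, folders: int, files: int) -> bytes:
    """Constructed helper: pack a minimal CFHEADER so the samples below are realistic."""
    return CFHEADER.pack(CAB_MAGIC, 0, cb_cabinet, 0, CFHEADER.size, 0,
                         3, 1, folders, files, 0, 0, 0)


# Constructed sample attachments (not real malware): a CAB-prefixed .cmd mimicking
# the purchase-order lure, an ordinary batch file, and a legitimate .cab archive.
SAMPLES = {
    "Purchase_Order_4471.cmd": build_cab_header(512, 1, 1) + b"\r\n@echo off\r\n",
    "deploy.cmd": b"@echo off\r\necho deploying\r\n",
    "Update.cab": build_cab_header(512, 1, 1),
}

if __name__ == "__main__":
    for hit in scan_attachments(SAMPLES):
        print(f"[!] CAB header inside batch script: {hit}")
```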

Source: https://securityonline.info/modiloader-malware-leveraging-cab-header-batch-files-to-evade-detection/