ModiLoader, DBatLoader

ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

Modiloader family

Checks for common network interception software

Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

Looks for VirtualBox Guest Additions in registry

ModiLoader Second Stage

Adds policy Run key to start application

Looks for VMWare Tools registry key