Rewterz Threat Alert – BazarLoader Malware – Active IOCs

Severity

Medium

Analysis Summary

BazarLoader is a small backdoor, closely related to TrickBot, that gives its operators access to an infected Windows host. BazarLoader is currently distributed through the BazarCall method, which infects the victim's system and leaves cybercriminals with a backdoor they can use later to deliver follow-up malware, scan the environment, and exploit other vulnerable hosts on the network.

Researchers have reported the latest method threat actors use to spread the malware: the call-center-based BazarLoader distribution relies on emails with a trial-subscription theme that urges potential victims to call a phone number. The victim is led to believe they have been subscribed to a service they never signed up for and is directed to call the number for help. The call-center operator then walks the victim through downloading a malicious Excel sheet, and the malware is installed when the victim follows the "unsubscribe" steps in that document.

Impact

  • Data Exfiltration

Indicators of Compromise

Filename

  • new-documents-2022[.]iso

MD5

  • 0cf3644eed72f975bad6a89dec9fc258
  • 778c7112450e9a40b3a54393797b267b

SHA-256

  • c8e6485ec72a5ebfb50dc9ed594076ffe856dcaf34c2cde2c57be5f9ff7177af
  • 401734bb95627b6b7cbf690dafa1e792c2387d86047fd219fef5cb77a295589f

SHA-1

  • 3a7ae2460d411d0868a59614c4952dbbb6ec72d1
  • 5d28d0107a170274483578e665afbd259fdc357f

Remediation

  • Block all threat indicators at your respective controls.
  • Keep Windows up to date.
  • Watch for malicious emails and tighten the spam-filtering settings in email applications.
  • Never download files from untrusted or malicious websites.
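The following script is an added example for putting the indicators above to use; it is not Rewterz tooling. It hashes every file under a directory with MD5, SHA-1 and SHA-256, and reports any file whose name or digest matches an indicator from this alert (the filename indicator is refanged from `new-documents-2022[.]iso` for comparison). The `match_iocs` function also accepts pre-computed digests, so the same logic can be run over an inventory exported from an EDR or file-integrity tool without re-hashing. The indicator values are copied from the alert; the directory layout and file contents in the usage below are assumptions.

```python
"""Offline IOC sweep for the BazarLoader indicators in this alert.

Added example (not Rewterz tooling): hashes files under a directory and
reports any whose name or digest matches an indicator listed above.
"""
import hashlib
from pathlib import Path

# Indicators copied from the alert. The filename is refanged ("[.]" -> ".")
# so it can be compared against real file names.
IOC_FILENAMES = {"new-documents-2022.iso"}
IOC_HASHES = {
    "md5": {
        "0cf3644eed72f975bad6a89dec9fc258",
        "778c7112450e9a40b3a54393797b267b",
    },
    "sha1": {
        "3a7ae2460d411d0868a59614c4952dbbb6ec72d1",
        "5d28d0107a170274483578e665afbd259fdc357f",
    },
    "sha256": {
        "c8e6485ec72a5ebfb50dc9ed594076ffe856dcaf34c2cde2c57be5f9ff7177af",
        "401734bb95627b6b7cbf690dafa1e792c2387d86047fd219fef5cb77a295589f",
    },
}


def hash_file(path, chunk_size=1 << 20):
    """Return {"md5": ..., "sha1": ..., "sha256": ...} for one file.

    The file is streamed in chunks so large ISO images need not fit in memory.
    """
    digests = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def match_iocs(path, digests=None):
    """Return the indicators a file matches, e.g. ["filename:new-documents-2022.iso"].

    `digests` may be supplied (for example from an EDR inventory) to skip re-hashing.
    """
    path = Path(path)
    matches = []
    name = path.name.lower()
    if name in IOC_FILENAMES:
        matches.append(f"filename:{name}")
    if digests is None:
        digests = hash_file(path)
    for algo, value in digests.items():
        value = value.lower()
        if value in IOC_HASHES.get(algo, set()):
            matches.append(f"{algo}:{value}")
    return matches


def scan_directory(root):
    """Walk `root` recursively and return {path: [matched indicators]} for hits only."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            found = match_iocs(path)
            if found:
                hits[str(path)] = found
    return hits


if __name__ == "__main__":
    import sys

    # Assumed usage: python ioc_sweep.py /path/to/downloads
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for file_path, found in scan_directory(target).items():
        print(f"[IOC HIT] {file_path}: {', '.join(found)}")
```

A filename match on its own is a weak signal (any file can carry that name), so treat it as a trigger for hash verification or sandbox review rather than a confirmed infection; a digest match against the SHA-256 values is the strong signal.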