Rewterz Threat Alert – BazarLoader Malware – Active IOCs

Severity

Medium

Analysis Summary

The BazarLoader malware is a small backdoor (a TrickBot adjacent malware) to an infected victim Windows host. BazarLoader currently uses a BazarCall method that infects the victim’s system and provides cybercriminals with backdoors that can be used in the future to send follow-up malware, scan the environment and exploit other vulnerable hosts on the network.

Researchers have reported the latest method used by threat actors to spread the malware; the call-center-based bazarLoader distribution method utilizes emails with a trial subscription-based theme that encourages potential victims to call a phone number. The victim is hoodwinked into thinking that they have subscribed to a service they didn’t sign up for and are directed to call a certain number for help. The call center operator directs the victim into downloading an infected excel sheet that is installed upon unsubscribing from the service.

Impact

• Data Exfiltration

Indicators of Compromise

Filename

• new-documents-2022[.]iso

MD5

• 0cf3644eed72f975bad6a89dec9fc258
• 778c7112450e9a40b3a54393797b267b

SHA-256

• c8e6485ec72a5ebfb50dc9ed594076ffe856dcaf34c2cde2c57be5f9ff7177af
• 401734bb95627b6b7cbf690dafa1e792c2387d86047fd219fef5cb77a295589f

SHA-1

• 3a7ae2460d411d0868a59614c4952dbbb6ec72d1
• 5d28d0107a170274483578e665afbd259fdc357f

Remediation

• Block all threat indicators at your respecitive controls.
• Keep Windows up-to-date.
• Keep an eye out for malicious emails and upgrade spam properties in email applications.
• Never download files from malicious websites.