
New Bazar Trojan Variant is Being Spread in Recent Phishing Campaign – Part I

  • February 12, 2021

Jasper_The_Rasper
Moderator

By Xiaopeng Zhang | February 12, 2021

 

FortiGuard Labs Threat Research Report

Affected platforms: Microsoft Windows  
Impacted parties: Windows Users  
Impact: Control and collect sensitive information from the victim’s device, as well as deliver other malware.  
Severity level: Critical

 

Bazar (which has been classified as the Team9 malware family being developed by the group behind TrickBot) is a backdoor Trojan designed to target a device, collect sensitive information, control the system via commands, and deliver malware. Last year, it was observed delivering the TrickBot malware.

FortiGuard Labs recently noticed a suspicious email through the SPAM monitoring system. This email was designed to entice a victim into opening a web page to download an executable file. Additional research on this executable file found that it is a new variant of Bazar. In this post, you can expect to learn what new techniques this Bazar variant uses to perform anti-analysis, how it communicates with its C2 server, what sensitive data it is able to collect from the victim’s device, and how it is able to deliver other malware onto the victim’s system.

 

Full Article.
