2021-08-02 BazarCall IOCs

THREAT IDENTIFICATION:  BAZARCALL / BAZARLOADER

SUBJECTS OBSERVED
Car accident claim
Essential reminder! Abandoned place of vehicle accident
Automobile accident reminder

SENDERS OBSERVED
Erika Jones <poktadawniatita94@aol.com>
Brittany Rivera <notification@email.sendmemsg.com>
Julie Smith <juliesuperfamily52@aol.com>

LURE PHONE NUMBER
+1 646 980 6856

EMAIL BODY
Meagher Auto insurer
Re: Abandoned site of automobile accident on
Request No.: <Redacted - recipient name>

Greetings, dear L1#########,

This notification is accepted as an official notification that compensation is demanded from for the car accident that occurred on 07/23/2021. The full demand amount, after calculating direct payments, is $346.87

Please get in touch with us at +1 646 980 6856 Monday to Friday from 9 am to 6 pm. Our customer support is going to help you get the full information about the vehicle accident including videos, images of the automobile plate, and all the other sensitive information about this particular incident.

As it was highlighted earlier the location of a automobile accident was left. According to our insurance company's policy, we will have to report this vehicle accident to the police officers in the next 72 hours, please get in touch with us as soon as possible to find a solution for this situation.

Warm regards,
The Meagher Agency

MALDOC LANDING PAGES
https://meagherinsurance.co/
https://meagherinsurance.co/case

MALDOC DOWNLOAD URL
https://meagherinsurance.co/download.php

BAZARCALL MALDOC FILE HASHES
case_L##########.xlsb
8cb6c166f9630a1116df6ed2607b0062

BAZARLOADER PAYLOAD DOWNLOAD URL
http://185.82.127.185

BAZARLOADER PAYLOAD FILE HASHES
Ra5iI.dll
9a942c191541825b279466f4c6cbd930

BAZARLOADER C2
https://54.177.75.53/out/static/text

ADDITONAL STRINGS IN MEMORY
https://54.183.226.207:443
https://64.227.73.19:443
https://64.227.77.91:443