Microsoft Security Intelligence
Updated on Jul 02, 2021

Microsoft Defender Antivirus detects and removes this threat.

Bazaloader, also known as Bazarloader, is malware that is increasingly used in sophisticated threat campaigns. Attacks involving Bazaloader rely on social engineering and adopt distinctive attack chains designed to evade security solutions. Attackers send phishing emails that contain links to Google documents, which then lead to other documents embedded with links that download Bazaloader malware onto the target device.

Bazaloader provides an initial foothold and paves the way for hands-on-keyboard activity. It enables the delivery of second-stage toolkits, commonly Cobalt Strike, which in turn enable reconnaissance and lateral movement within the compromised network.

Bazaloader is a serious threat that is relatively proficient at evading certain detection mechanisms. It highlights the continued presence of human-operated ransomware and how these threats rely on common security weaknesses.

Read the following blogs for details:

Alert level: severe