<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span style="margin:0px;font-size:12pt;color:rgb(0, 0, 0) !important;background-color:rgb(255, 255, 255)"><span style="margin:0px;background-color:rgb(255, 255, 255) !important"><span style="margin:0px;background-color:rgb(255, 255, 255) !important"><span style="margin:0px;background-color:rgb(255, 255, 255) !important"><span style="margin:0px;font-size:14.67px">Hello,</span></span><span style="margin:0px;background-color:rgb(255, 255, 255) !important;display:inline !important"></span><span style="margin:0px;background-color:rgb(255, 255, 255) !important;display:inline !important"></span></span></span></span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<div style="margin:0px;font-size:12pt;color:rgb(0, 0, 0) !important;background-color:rgb(255, 255, 255)">
<div style="margin:0px;background-color:rgb(255, 255, 255) !important">
<div style="margin:0px;background-color:rgb(255, 255, 255) !important">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30) !important;background-color:rgb(255, 255, 255) !important">
<div style="margin:0px;font-size:12pt;color:rgb(0, 0, 0) !important">
<div style="margin:0px;background-color:rgb(255, 255, 255) !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30) !important;background-color:white !important">
<div style="margin:0px;font-size:12pt;color:black !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30) !important;background-color:white !important">
<div style="margin:0px;font-size:12pt;color:black !important"><span style="margin:0px;background-color:white !important"></span>
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30) !important;background-color:white !important">
<div style="margin:0px;font-size:12pt;color:black !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30) !important;background-color:white !important">
<div style="margin:0px;font-size:12pt;color:black !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30) !important;background-color:white !important">
<div style="margin:0px;font-size:12pt;color:black !important"><span style="margin:0px;background-color:white !important"></span>
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30) !important;background-color:white !important">
<div style="margin:0px;font-size:12pt;color:black !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30) !important;background-color:white !important">
<div style="margin:0px;font-size:12pt;color:black !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30) !important;background-color:white !important">
<div style="margin:0px;font-size:12pt;color:black !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30) !important;background-color:white !important">
<div style="margin:0px;font-size:12pt;color:black !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30) !important;background-color:white !important">
<div style="margin:0px;font-size:12pt;color:black !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;font-size:15px;color:rgb(32, 31, 30) !important;background-color:white !important">
<div style="margin:0px;font-size:12pt;color:black !important"><span style="margin:0px;background-color:white !important"></span>
<div style="margin:0px;background-color:white !important">
<div style="margin:0px;font-size:14.67px;background-color:white !important">I hope everyone is doing well!</div>
<div style="margin:0px;font-size:14.67px;background-color:white !important"><br>
</div>
<div style="margin:0px;font-size:14.67px;background-color:white !important">Below is the entry for today.</div>
<div style="margin:0px;font-size:14.67px;background-color:white !important"><br>
</div>
<div style="margin:0px;font-size:14.67px;background-color:white !important">11/11/2021 - Diary entry #388<br>
<br>
</div>
<blockquote style="font-size:14.67px;background-color:white !important;margin-top:0px;margin-bottom:0px">
<div style="margin:0px"></div>
<div style="margin:0px"></div>
<div>This week, a new BazarLoader campaign was found abusing the Windows 10 App Installer.</div>
<div><br>
</div>
<div>The campaign, following the known BazarLoader pattern, is delivered through spam e-mail. The e-mail uses social engineering to convince the targets to click on a supposed PDF link embedded in the e-mail text. On opening the link, a fake PDF preview
 loading screen is displayed, asking the user to click a button to load the PDF. The button invokes an ms-appinstaller link, which calls AppInstaller.exe, native to Windows 10, to download and run the payload referenced by that link. It is important to notice that after
 clicking the button, Windows raises an alert saying that the website wants to invoke AppInstaller, but users unaware of the scam can easily allow the execution of the malicious payload. AppInstaller then opens a pop-up asking to install the
 payload, which is disguised as an AdobePDF component.</div>
<div><br>
</div>
<div>AppInstaller is a trusted component of Windows 10, used by the Microsoft Store to install purchased applications.</div>
<div><br>
</div>
BazarLoader was already covered in our Daily Diary #131. It is developed by the Wizard Spider group, also responsible for TrickBot and Conti ransomware (the successor of Ryuk ransomware). This campaign, just like the other BazarLoader campaigns, can deploy TrickBot
 or other botnet malware to exfiltrate data and spread through the network, possibly ending in a ransomware attack.
<div style="margin:0px"><br>
</div>
</blockquote>
<span style="margin:0px;font-size:14.67px;background-color:white !important">Kind Regards,</span></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
<div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="Signature">
<div>
<div></div>
<div></div>
<div></div>
<div></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<table style="font-family:"Times New Roman"; font-size:medium; text-align:start">
<tbody>
<tr>
<td width="180" align="left" style="width:180px">
<table width="120" align="left">
<tbody>
<tr>
<td colspan="3" align="center"><a href="https://www.appgate.com/"><img alt="" width="120" height="30" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/logo@2x.png"></a></td>
</tr>
<tr>
<td colspan="3" align="center"> </td>
</tr>
<tr>
<td width="37%" align="center"><a href="https://www.linkedin.com/company/appgate-security/"><img width="18" height="18" alt="" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png"></a></td>
<td width="28%"><a href="https://twitter.com/AppgateSecurity"><img width="20" height="18" alt="" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png"></a></td>
<td width="35%"><a href="https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ"><img width="26" height="18" alt="" src="https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png"></a></td>
</tr>
</tbody>
</table>
<p> </p>
</td>
<td width="350" colspan="2" rowspan="2" style="width:350px">
<p style="font-family:Arial,Helvetica,sans-serif; font-size:13px; color:rgb(12,12,12)">
<strong>Felipe Duarte Domingues</strong><br>
Security Researcher<br>
<strong>Appgate</strong></p>
<p style="font-family:Arial,Helvetica,sans-serif; font-size:13px; color:rgb(12,12,12)">
E:<span> </span><font color="#228ebe"><a href="mailto:felipe.duarte@appgate.com" title="mailto:felipe.duarte@appgate.com">felipe.duarte@appgate.com</a></font><br>
O: <span style="background-color:rgb(255,255,255); display:inline!important">+55 19 98840 2509</span></p>
</td>
</tr>
</tbody>
</table>
<br>
</div>
</div>
</div>
</div>
</body>
</html>