BazarLoader is Windows-based malware spread through various methods involving email. These infections provide backdoor access that criminals use to determine whether the host is part of an Active Directory (AD) environment.

https://unit42.paloaltonetworks.com/bazarloader-network-reconnaissance/