HALFBAKED (Malware Family)

HALFBAKED

Actor(s): Anunak

The HALFBAKED malware family consists of multiple components designed to establish and maintain a foothold in victim networks, with the ultimate goal of gaining access to sensitive financial information.
HALFBAKED listens for the following commands from the C2 server:

info: Sends victim machine information (OS, Processor, BIOS and running processes) using WMI
queries
processList: Send list of process running
screenshot: Takes screen shot of victim machine (using 58d2a83f777688.78384945.ps1)
runvbs: Executes a VB script
runexe: Executes EXE file
runps1: Executes PowerShell script
delete: Delete the specified file
update: Update the specified file

References

2019-01-01 ⋅ MITRE ⋅ MITRE ATT&CK
Tool description: HALFBAKED
HALFBAKED

2018-10-01 ⋅ FireEye ⋅ Katie Nickels, Regina Elwell
ATT&CKing FIN7
Bateleur BELLHOP Griffon ANTAK POWERPIPE POWERSOURCE HALFBAKED BABYMETAL Carbanak Cobalt Strike DNSMessenger DRIFTPIN PILLOWMINT SocksBot

2017-04-24 ⋅ FireEye ⋅ Barry Vengerik, Dominik Weber, Nick Carr, Saravanan Mohankumar, Yogesh Londhe
FIN7 Evolution and the Phishing LNK
HALFBAKED FIN7

There is no Yara-Signature yet.

HALFBAKED Propose Change

References

HALFBAKED