vbs.halfbaked

HALFBAKED

Actor(s): Anunak


The HALFBAKED malware family consists of multiple components designed to establish and maintain a foothold in victim networks, with the ultimate goal of gaining access to sensitive financial information.
HALFBAKED listens for the following commands from its C2 server:

info: Sends victim machine information (OS, processor, BIOS and running processes) collected via WMI queries
processList: Sends a list of running processes
screenshot: Takes a screenshot of the victim machine (using 58d2a83f777688.78384945.ps1)
runvbs: Executes a VBScript
runexe: Executes an EXE file
runps1: Executes a PowerShell script
delete: Deletes the specified file
update: Updates the specified file

References

2019, MITRE ATT&CK: "Tool description: HALFBAKED", https://attack.mitre.org/software/S0151/ (accessed 2019-12-20). Covers: HALFBAKED
2018-10-01, FireEye, Regina Elwell and Katie Nickels: "ATT&CKing FIN7", https://summit.fireeye.com/content/dam/fireeye-www/summit/cds-2018/presentations/cds18-technical-s05-att&cking-fin7.pdf (accessed 2020-06-25). Covers: Bateleur, BELLHOP, Griffon, ANTAK, POWERPIPE, POWERSOURCE, HALFBAKED, BABYMETAL, Carbanak, Cobalt Strike, DNSMessenger, DRIFTPIN, PILLOWMINT, SocksBot
2017-04-24, FireEye, Saravanan Mohankumar, Nick Carr, Yogesh Londhe, Barry Vengerik and Dominik Weber: "FIN7 Evolution and the Phishing LNK", https://www.fireeye.com/blog/threat-research/2017/04/fin7-phishing-lnk.html (accessed 2019-12-20). Covers: HALFBAKED, FIN7

There is no YARA signature yet.