Malware Profile Updated 3 months ago
Halfbaked is malware that can infect a system through suspicious downloads, emails, or websites. Its shellcode is designed to retry contacting the C2 server address in a specific pattern if the initial connection attempt fails. Once on a host, Halfbaked drops several VBScripts and configuration files into a folder it creates, named with a GUID, inside "Intel". These files include the payloads and configuration that let the malware carry out its functions. This variant connects to three C2 servers and listens for commands from the attacker, including sending victim machine information, taking screenshots, executing scripts and files, and deleting and updating specified files. All communication between the backdoor and the attacker's C2 is encoded using a specific technique. Halfbaked belongs to the HALFBAKED malware family, which is designed to establish and maintain a foothold in victim networks and gain access to sensitive financial information. The FireEye iSIGHT Intelligence MySIGHT Portal contains additional information on FIN7 and the HALFBAKED investigations.
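The drop location described above (a GUID-named folder created inside a directory called "Intel", holding VBScripts and configuration files) is a host artefact a defender can sweep for. The following is an added example, not code from the profile or from Mandiant; it assumes a scan root supplied by the caller (the profile does not give the full parent path of "Intel") and builds a constructed sample tree so it runs offline.

```python
import os
import re
import tempfile
from pathlib import Path

# GUID folder-name format (braces optional is an assumption; the profile only says "GUID name").
GUID_RE = re.compile(
    r"^\{?[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\}?$"
)


def find_halfbaked_drop_dirs(root):
    """Walk `root` and return GUID-named directories whose parent is named 'Intel'
    and which contain at least one .vbs file, matching the drop pattern the profile describes."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        parent = Path(dirpath)
        if parent.name.lower() != "intel":
            continue
        for d in dirnames:
            if not GUID_RE.match(d):
                continue
            files = os.listdir(parent / d)
            vbs = sorted(f for f in files if f.lower().endswith(".vbs"))
            if vbs:  # GUID folder under Intel with no VBScripts is not reported
                hits.append({"dir": str(parent / d), "vbs": vbs,
                             "other": sorted(set(files) - set(vbs))})
    return hits


def build_sample_tree():
    """Constructed sample layout for a self-contained run; these are not real Halfbaked files."""
    base = Path(tempfile.mkdtemp())
    drop = base / "Intel" / "{3F2504E0-4F89-11D3-9A0C-0305E82C3301}"
    drop.mkdir(parents=True)
    (drop / "stage.vbs").write_text("' constructed placeholder\n")
    (drop / "settings.txt").write_text("placeholder\n")
    # Look-alikes that must NOT match: a GUID folder outside Intel, and a non-GUID child of Intel
    (base / "Other" / "{3F2504E0-4F89-11D3-9A0C-0305E82C3301}").mkdir(parents=True)
    (base / "Intel" / "Drivers").mkdir()
    (base / "Intel" / "Drivers" / "readme.vbs").write_text("")
    return base


if __name__ == "__main__":
    for hit in find_halfbaked_drop_dirs(build_sample_tree()):
        print(hit)
```

Run it against a real root (for example a mounted system drive) to list candidate directories for triage; a match is a lead to examine, not proof of infection on its own.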
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
FIN7, a notorious threat actor group known for its malicious activities, has recently been identified as targeting a large U.S. carmaker with phishing attacks. This group, which has previously operated behind fake cybersecurity companies such as Combi Security and Bastion Secure to recruit security
Associated Vulnerabilities
No associations to display
Source Document References
Information about the HALFBAKED malware was read from the document corpus below. This display is limited to 20 results.
FIN7 Evolution and the Phishing LNK | Mandiant (a year ago)