Description
ServHelper is a backdoor written in Delphi and is associated with the hacking group TA505.
SHA256 | 613df014511b022045728afac469eb460e95ee7773e1a9e6083cc6f5ca2fe6aa |
Size | 727KB |
Analysis ID | 211016-a1mnasbfb3 |
MD5 | 2cbbe36a44658b6641048bfd57e1ea7f |
SHA1 | 197d39e7067afe3119a15729d39e6c05df672f05 |
SHA512 | d61fd507d0d77339c165df0df11365558a408c08e50c1ceac594e93100bba40b4cf672b161cd2f731931b6f8636b4afee0c598f1b8f241f5a33dc8f68ab2b7d5 |
Family | vidar |
Version | 41.4 |
Botnet | 1008 |
C2 | https://mas.to/@sslam |
Attributes | profile_id 1008 |
Vidar is an infostealer based on Arkei stealer.
XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.
Uses net.exe to modify the user's privileges.
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
Looks up Uninstall key entries in the registry to enumerate software on the system.