Signed MSI files, Raccoon and Amadey are used for installing ServHelper RAT
released on 2021-08-16 @ 09:09:10 AM
Although ServHelper has existed since at least early 2019, Cisco Talos detected the use of other malware families to install it. The installation comes as a GoLang dropper, .NET dropper or PowerShell script. Its activity is generally linked to Group TA505, but they cannot be certain that they are the exclusive users of this RAT.