Verschlüsselte Herzen: Offenlegung des HeartCrypt Packer-as-a-Service-Betriebs

Category	Einzelheiten
Threat Actors	Unknown actors offering the HeartCrypt PaaS targeting various regions and industries.
Campaign Overview	HeartCrypt is a Packer-as-a-Service (PaaS) launched in February 2024, used to protect malware by obfuscating code within legitimate binaries. Advertised in underground forums and Telegram, it supports 32-bit Windows payloads for $20 per file.
Target Regions (Victims)	Observed campaigns in Latin America and other global regions. Specific targets include industries and individuals.
Methodology	HeartCrypt injects malicious code into legitimate executables. Techniques include: ➡ Control flow hijacking ➡ Obfuscation (stack strings, junk bytes, etc.) ➡ Anti-sandboxing methods (loop emulation and Windows Defender evasion)
Product Targeted	Windows systems, particularly 32-bit binaries.
Malware Reference	Associated with LummaStealer, Remcos RAT, XWorm, Quasar RAT, RedLine Stealer, and others.
Tools Used	➡ Telegram ➡ Underground forums (e.g., XSS.is, Exploit.in, BlackHatForums) ➡ API abuse (e.g., LoadResource, VirtualProtect)
Vulnerabilities Exploited	Anti-sandbox evasion techniques targeting: ➡ Windows Defender’s VDLL ➡ VM detection with d3d9 library ➡ Dependency emulation checks
TTPs	➡ Packer services for malware ➡ Use of legitimate binaries for obfuscation ➡ Extensive use of control flow obfuscation (jmp instructions, PIC) ➡ Dynamic API resolution ➡ Tailored payload injection into binaries
Attribution	Development observed since July 2023 by unknown operators, possibly cybercriminal syndicates.
Recommendations	➡ Implement robust sandboxing to detect obfuscated code ➡ Monitor suspicious use of LoadResource and other API calls ➡ Enhance behavioral analysis to detect unusual control flow manipulations ➡ Educate users about risks of downloading executables from unverified sources
Quelle	Palo Alto Networks (Unit 42)

Read full article: https://unit42.paloaltonetworks.com/packer-as-a-service-heartcrypt-malware/

The above summary has been generated by an AI language model

Quelle

Kommentar verfassen Kommentieren abbrechen

London, GB

11:27 am, Apr. 2, 2025

14°C

L: 13° | H: 14°

Fühlt sich an wie 13°C° klarer Himmel

Luftfeuchtigkeit: 55 %

Druck: 1022 mb

Wind: 10 mph ESE

Windböe: 21 mph

UV-Index: 0

Niederschlag: 0 mm

Wolken: 0%

Regen Chance: 0%

Sichtbarkeit: 10 km

Sonnenaufgang: 6:33 am

Sonnenuntergang: 7:34 pm

TäglichStündlich

Tägliche VorhersageStündliche Vorhersage

Today 10:00 pm

13° | 14°°C 0 mm 0% 16 mph 68 % 1022 mb 0 mm/h

Tomorrow 10:00 pm

9° | 16°°C 0 mm 0% 11 mph 85 % 1022 mb 0 mm/h

Fr. Apr. 04 10:00 pm

10° | 18°°C 0 mm 0% 14 mph 82 % 1022 mb 0 mm/h

Sa. Apr. 05 10:00 pm

6° | 17°°C 0 mm 0% 12 mph 79 % 1022 mb 0 mm/h

So. Apr. 06 10:00 pm

7° | 14°°C 0 mm 0% 12 mph 76 % 1025 mb 0 mm/h

Today 1:00 pm

14° | 14°°C 0 mm 0% 15 mph 54 % 1022 mb 0 mm/h

Today 4:00 pm

15° | 15°°C 0 mm 0% 16 mph 54 % 1021 mb 0 mm/h

Today 7:00 pm

13° | 13°°C 0 mm 0% 12 mph 61 % 1020 mb 0 mm/h

Today 10:00 pm

10° | 10°°C 0 mm 0% 11 mph 68 % 1021 mb 0 mm/h

Tomorrow 1:00 am

10° | 10°°C 0 mm 0% 10 mph 75 % 1021 mb 0 mm/h

Tomorrow 4:00 am

9° | 9°°C 0 mm 0% 9 mph 80 % 1020 mb 0 mm/h

Tomorrow 7:00 am

9° | 9°°C 0 mm 0% 9 mph 85 % 1020 mb 0 mm/h

Tomorrow 10:00 am

12° | 12°°C 0 mm 0% 11 mph 63 % 1020 mb 0 mm/h

Name	Preis	24H (%)
Bitcoin(BTC)	€78,894.09	0.84%
Ethereum(ETH)	€1,743.81	-0.08%
Fesseln(USDT)	€0.93	0.00%
XRP(XRP)	€1.96	-2.74%
Solana(SOL)	€116.77	-2.26%
USDC(USDC)	€0.93	0.00%
Dogecoin(DOGE)	€0.159714	-0.42%
Shiba Inu(SHIB)	€0.000011	-3.87%
Pepe(PEPE)	€0.000006	-3.07%

Verschlüsselte Herzen: Offenlegung des HeartCrypt Packer-as-a-Service-Betriebs

Teilen:

Kommentar verfassen Kommentieren abbrechen

Verbindung zum Dienstprogramm

Nützlicher Link

Newsletter

Folgen Sie uns