Encrypted Hearts: Exposing the HeartCrypt Packer-as-a-Service Operation

Category: Details

Threat Actors: Unknown actors offering the HeartCrypt PaaS, targeting various regions and industries.

Campaign Overview: HeartCrypt is a Packer-as-a-Service (PaaS) launched in February 2024 and used to protect malware by obfuscating its code inside legitimate binaries. Advertised on underground forums and Telegram, it supports 32-bit Windows payloads for $20 per file.

Target Regions (Victims): Campaigns observed in Latin America and other regions worldwide. Specific targets include various industries and individuals.

Methodology: HeartCrypt injects malicious code into legitimate executables. Techniques include:
➡ Control flow hijacking
➡ Obfuscation (stack strings, junk bytes, etc.)
➡ Anti-sandboxing methods (loop emulation and Windows Defender evasion)

Product Targeted: Windows systems, particularly 32-bit binaries.

Malware Reference: Associated with LummaStealer, Remcos RAT, XWorm, Quasar RAT, RedLine Stealer, and others.

Tools Used:
➡ Telegram
➡ Underground forums (e.g., XSS.is, Exploit.in, BlackHatForums)
➡ API abuse (e.g., LoadResource, VirtualProtect)

Vulnerabilities Exploited: Anti-sandbox evasion techniques targeting:
➡ Windows Defender’s VDLL
➡ VM detection with the d3d9 library
➡ Dependency emulation checks

TTPs:
➡ Packer services for malware
➡ Use of legitimate binaries for obfuscation
➡ Extensive use of control flow obfuscation (jmp instructions, PIC)
➡ Dynamic API resolution
➡ Tailored payload injection into binaries

Attribution: Development observed since July 2023 by unknown operators, possibly cybercriminal syndicates.

Recommendations:
➡ Implement robust sandboxing to detect obfuscated code
➡ Monitor suspicious use of LoadResource and other API calls
➡ Enhance behavioral analysis to detect unusual control flow manipulations
➡ Educate users about the risks of downloading executables from unverified sources

Source: Palo Alto Networks (Unit 42)

Read full article: https://unit42.paloaltonetworks.com/packer-as-a-service-heartcrypt-malware/

The above summary has been generated by an AI language model

