Verschlüsselte Herzen: Offenlegung des HeartCrypt Packer-as-a-Service-Betriebs

Category	Einzelheiten
Threat Actors	Unknown actors offering the HeartCrypt PaaS targeting various regions and industries.
Campaign Overview	HeartCrypt is a Packer-as-a-Service (PaaS) launched in February 2024, used to protect malware by obfuscating code within legitimate binaries. Advertised in underground forums and Telegram, it supports 32-bit Windows payloads for $20 per file.
Target Regions (Victims)	Observed campaigns in Latin America and other global regions. Specific targets include industries and individuals.
Methodology	HeartCrypt injects malicious code into legitimate executables. Techniques include: ➡ Control flow hijacking ➡ Obfuscation (stack strings, junk bytes, etc.) ➡ Anti-sandboxing methods (loop emulation and Windows Defender evasion)
Product Targeted	Windows systems, particularly 32-bit binaries.
Malware Reference	Associated with LummaStealer, Remcos RAT, XWorm, Quasar RAT, RedLine Stealer, and others.
Tools Used	➡ Telegram ➡ Underground forums (e.g., XSS.is, Exploit.in, BlackHatForums) ➡ API abuse (e.g., LoadResource, VirtualProtect)
Vulnerabilities Exploited	Anti-sandbox evasion techniques targeting: ➡ Windows Defender’s VDLL ➡ VM detection with d3d9 library ➡ Dependency emulation checks
TTPs	➡ Packer services for malware ➡ Use of legitimate binaries for obfuscation ➡ Extensive use of control flow obfuscation (jmp instructions, PIC) ➡ Dynamic API resolution ➡ Tailored payload injection into binaries
Attribution	Development observed since July 2023 by unknown operators, possibly cybercriminal syndicates.
Recommendations	➡ Implement robust sandboxing to detect obfuscated code ➡ Monitor suspicious use of LoadResource and other API calls ➡ Enhance behavioral analysis to detect unusual control flow manipulations ➡ Educate users about risks of downloading executables from unverified sources
Quelle	Palo Alto Networks (Unit 42)

Read full article: https://unit42.paloaltonetworks.com/packer-as-a-service-heartcrypt-malware/

The above summary has been generated by an AI language model

Quelle

Kommentar verfassen Kommentieren abbrechen

London, GB

3:25 am, Apr. 4, 2025

10°C

L: 8° | H: 11°

Fühlt sich an wie 10°C° overcast clouds

Luftfeuchtigkeit: 81 %

Druck: 1019 mb

Wind: 1 mph NE

Windböe: 3 mph

UV-Index: 0

Niederschlag: 0 mm

Wolken: 100%

Regen Chance: 0%

Sichtbarkeit: 7 km

Sonnenaufgang: 6:28 am

Sonnenuntergang: 7:37 pm

TäglichStündlich

Tägliche VorhersageStündliche Vorhersage

Today 10:00 pm

8° | 11°°C 0 mm 0% 13 mph 82 % 1020 mb 0 mm/h

Tomorrow 10:00 pm

7° | 17°°C 0 mm 0% 13 mph 72 % 1021 mb 0 mm/h

So. Apr. 06 10:00 pm

7° | 13°°C 0 mm 0% 13 mph 78 % 1027 mb 0 mm/h

Mo. Apr. 07 10:00 pm

5° | 14°°C 0 mm 0% 8 mph 77 % 1029 mb 0 mm/h

Di. Apr. 08 10:00 pm

5° | 14°°C 0 mm 0% 8 mph 73 % 1030 mb 0 mm/h

Today 4:00 am

10° | 10°°C 0 mm 0% 4 mph 81 % 1019 mb 0 mm/h

Today 7:00 am

10° | 10°°C 0 mm 0% 5 mph 82 % 1019 mb 0 mm/h

Today 10:00 am

14° | 17°°C 0 mm 0% 9 mph 67 % 1020 mb 0 mm/h

Today 1:00 pm

20° | 20°°C 0 mm 0% 11 mph 46 % 1019 mb 0 mm/h

Today 4:00 pm

19° | 19°°C 0 mm 0% 13 mph 40 % 1018 mb 0 mm/h

Today 7:00 pm

15° | 15°°C 0 mm 0% 10 mph 57 % 1018 mb 0 mm/h

Today 10:00 pm

12° | 12°°C 0 mm 0% 10 mph 66 % 1019 mb 0 mm/h

Tomorrow 1:00 am

9° | 9°°C 0 mm 0% 10 mph 65 % 1019 mb 0 mm/h

Name	Preis	24H (%)
Bitcoin(BTC)	€75,188.58	-0.24%
Ethereum(ETH)	€1,628.40	-1.03%
Fesseln(USDT)	€0.90	-0.02%
XRP(XRP)	€1.87	1.13%
USDC(USDC)	€0.90	-0.01%
Solana(SOL)	€104.98	-2.55%
Dogecoin(DOGE)	€0.146817	-1.34%
Shiba Inu(SHIB)	€0.000011	-0.83%
Pepe(PEPE)	€0.000006	-5.62%

Verschlüsselte Herzen: Offenlegung des HeartCrypt Packer-as-a-Service-Betriebs

Teilen:

Kommentar verfassen Kommentieren abbrechen

Verbindung zum Dienstprogramm

Nützlicher Link

Newsletter

Folgen Sie uns