Crypted Hearts: Exposing the HeartCrypt Packer-as-a-Service Operation

· Published 14/12/2024 07:04 · Modified 16/12/2024 12:03

Essential information

Tags
2024-12-14, anti-sandbox, heartcrypt, lummastealer, packer-as-a-service, process-hollowing, quasar rat, redline stealer, remcos, rhadamanthys, vidar stealer, xworm
Related entities
9 techniques (mitre), 7 malware

Description

This analysis examines HeartCrypt, a new packer-as-a-service (PaaS) used to protect malware. In development since July 2023 and launched in February 2024, HeartCrypt charges $20 per file to pack Windows x86 and .NET payloads. It is primarily used by malware operators of families like , , and . HeartCrypt injects malicious code into legitimate binaries and employs various obfuscation techniques to hinder analysis. The packer executes in multiple stages, using encoded resources and measures. Over 2,000 malicious payloads across 45 malware families have utilized HeartCrypt, highlighting the increasing commoditization of malware development and the need for proactive threat hunting.

External references