Crypted Hearts: Exposing the HeartCrypt Packer-as-a-Service Operation
Tags
country: Japan Laos
attack-pattern: Data Direct Model Dynamic Api Resolution - T1027.007 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Process Hollowing - T1055.012 Software - T1592.002 Brute Force - T1110 Powershell - T1086 Process Hollowing - T1093
Show in Graph
Common Information
Type Value
UUID 3bbba4bf-61de-4c5b-a84e-466c2324bf64
Fingerprint 2c1403b88fbe06a4
Analysis status DONE
Considered CTI value 0
Text language
Published Dec. 6, 2024, 11 p.m.
Added to db Dec. 14, 2024, 12:09 a.m.
Last updated Dec. 18, 2024, 2:15 p.m.
Headline Crypted Hearts: Exposing the HeartCrypt Packer-as-a-Service Operation
Title Crypted Hearts: Exposing the HeartCrypt Packer-as-a-Service Operation
Detected Hints/Tags/Attributes 81/2/11
Source URLs
Redirection Url
Details Source https://unit42.paloaltonetworks.com/packer-as-a-service-heartcrypt-malware/
URL Provider
Details Provider Source level domain
Details paloaltonetworks.com unit42.paloaltonetworks.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 256 Unit 42 https://unit42.paloaltonetworks.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 42 
xss.is
Details Domain 112 
exploit.in
Details File 1 
k7rn7l32.dll
Details File 1 
ntd3ll.dll
Details File 788 
kernel32.dll
Details File 60 
csc.exe
Details File 49 
applaunch.exe
Details File 2226 
cmd.exe
Details sha256 2 
7f4d6a371e872d8b4999d415401589c32adcfc6cfc26892cfa3316e4fccec270
Details IPv4 1513 
127.0.0.1
Details Windows Registry Key 191 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run