Intel Name: Crypted Hearts: Exposing the HeartCrypt Packer-as-a-Service Operation
Date of Scan: December 17, 2024
Impact: Medium
Summary: “Crypted Hearts: Exposing the HeartCrypt Packer-as-a-Service Operation” explores HeartCrypt, a new packer-as-a-service that protects malware from detection. It has been in development since July 2023 and started offering its services in February 2024. HeartCrypt allows cybercriminals to pack malware into legitimate files, making it harder to detect. The service is advertised on underground forums and Telegram, charging $20 per file for packing Windows x86 and .NET payloads. HeartCrypt is primarily used by operators of malware families like LummaStealer, Remcos, and Rhadamanthys, but also by a range of other crimeware groups. Analysis of HeartCrypt samples reveals payloads containing configuration data, which helps to identify and track various malicious campaigns across different industries and regions.