JackOfHearts is the dropper responsible for delivering the QueenOfHearts backdoor. QueenOfHearts is one of three distinct malware families observed in the arsenal of a sophisticated threat actor. Another family from the same toolkit, used by the group referred to as SlothfulMedia, was the subject of a report released by the Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security.
As for JackOfHearts, its job is to prepare the compromised host for QueenOfHearts. First, it writes the payload file carrying the backdoor to a fixed location on disk, such as '%AppData%\mediaplayer.exe'. It then establishes persistence for the main payload by creating a Windows service whose image path points to that file. In addition, JackOfHearts creates a shortcut to QueenOfHearts in the system's Startup folder and launches the backdoor immediately, so it is active without waiting for a reboot or user logon. The service and the Startup shortcut give the payload two independent autostart paths, so removing only one of them does not evict it.
Finally, to reduce its footprint on the infected system and the chance that the dropper itself is recovered and analysed, JackOfHearts writes a small self-deletion helper to the %TEMP% folder, which removes the dropper executable from the drive. This cleans up only the dropper: the payload, the service and the Startup shortcut remain in place, and the helper in %TEMP% is itself a transient artifact that may still be recoverable.
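The chain described above (payload written under %AppData%, a service pointing at it, a Startup-folder shortcut, an immediate launch, and a cleanup helper in %TEMP%) is more robust to hunt for as a correlated sequence per process than by the single example filename, which an operator can change at will. The following is an added detection example, not code from the original article or from the malware itself. It assumes Sysmon-style events (Event ID 11 FileCreate, 13 RegistryEvent SetValue, 1 ProcessCreate) flattened to dictionaries; the sample events, the dropper name invoice.exe, the service name MediaSvc and the helper name del.bat are constructed for illustration and are not indicators from the page.

```python
"""Hunt for a JackOfHearts-style dropper chain in Sysmon-style events.

Added example; field names follow Sysmon, and every event below is
constructed sample data, not real telemetry or a published indicator.
"""
import re
from collections import defaultdict

# Where the page says the payload lands (%AppData%) and the helper (%TEMP%).
APPDATA_RE = re.compile(r"\\AppData\\(Roaming|Local)\\", re.I)
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.lnk$", re.I)
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.(bat|cmd|vbs|ps1)$", re.I)
# Service creation shows up as a write to the service's ImagePath value.
SERVICE_IMAGEPATH_RE = re.compile(r"\\Services\\[^\\]+\\ImagePath$", re.I)

# Constructed sample events (assumed names; not real indicators).
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\alice\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\mediaplayer.exe"},
    {"EventID": 13, "Image": r"C:\Users\alice\Downloads\invoice.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\MediaSvc\ImagePath",
     "Details": r"C:\Users\alice\AppData\Roaming\mediaplayer.exe"},
    {"EventID": 11, "Image": r"C:\Users\alice\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows"
                       r"\Start Menu\Programs\Startup\mediaplayer.lnk"},
    {"EventID": 1, "Image": r"C:\Users\alice\AppData\Roaming\mediaplayer.exe",
     "ParentImage": r"C:\Users\alice\Downloads\invoice.exe"},
    {"EventID": 11, "Image": r"C:\Users\alice\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\del.bat"},
    # Benign noise: an installer registering its own service, nothing else.
    {"EventID": 13, "Image": r"C:\setup\vendor_setup.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\VendorSvc\ImagePath",
     "Details": r"C:\Program Files\Vendor\svc.exe"},
]


def hunt(events):
    """Correlate events per writing process and flag each stage of the chain.

    Two passes so the result does not depend on event ordering: first collect
    file drops, then check service ImagePath values and child launches against
    the set of files that process dropped.
    """
    by_proc = defaultdict(lambda: {"dropped": set(), "service": False,
                                   "startup_lnk": False, "launched": False,
                                   "temp_cleanup": False})
    for ev in events:
        if ev.get("EventID") != 11:
            continue
        proc, target = ev.get("Image", ""), ev.get("TargetFilename", "")
        if STARTUP_RE.search(target):
            by_proc[proc]["startup_lnk"] = True
        elif TEMP_RE.search(target):
            by_proc[proc]["temp_cleanup"] = True
        elif APPDATA_RE.search(target) and target.lower().endswith((".exe", ".dll")):
            by_proc[proc]["dropped"].add(target.lower())

    for ev in events:
        eid = ev.get("EventID")
        if eid == 13 and SERVICE_IMAGEPATH_RE.search(ev.get("TargetObject", "")):
            proc = ev.get("Image", "")
            details = ev.get("Details", "").lower()
            if proc in by_proc and any(d in details for d in by_proc[proc]["dropped"]):
                by_proc[proc]["service"] = True
        elif eid == 1:
            parent, child = ev.get("ParentImage", ""), ev.get("Image", "").lower()
            if parent in by_proc and child in by_proc[parent]["dropped"]:
                by_proc[parent]["launched"] = True
    return dict(by_proc)


def score(findings):
    """Number of chain stages (0-5) observed for one process."""
    return (bool(findings["dropped"]) + findings["service"] + findings["startup_lnk"]
            + findings["launched"] + findings["temp_cleanup"])


def flagged(events, threshold=3):
    """Processes whose observed chain reaches the threshold, sorted."""
    return sorted(p for p, f in hunt(events).items() if score(f) >= threshold)


if __name__ == "__main__":
    for proc, f in hunt(SAMPLE_EVENTS).items():
        print(f"{score(f)}/5 stages  {proc}  {f}")
    print("flagged:", flagged(SAMPLE_EVENTS))
```

The threshold of three stages is a tuning choice: a dropped executable plus both autostart paths is already unusual for legitimate software, and the immediate launch and %TEMP% cleanup helper raise confidence further. The vendor installer in the sample only registers a service and is not flagged.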