LogRhythm Logo

HermeticWiper Malware Analysis

On February 23, 2022, HermeticWiper malware was unleashed on Ukrainian organizations by suspected pro-Russian actors.

In this threat intelligence report, LogRhythm Labs guides you through a technical analysis of HermeticWiper to help you detect this type of malware.

Inside the HermeticWiper threat intelligence report

Understanding the technical aspects behind HermeticWiper will help you better prepare against similar techniques. Read this report to:

  • Learn all about HermeticWiper malware and how it works
  • Read a static, behavioral, and code analysis of the malware
  • Discover detection rules using LogRhythm AI Engine

What is HeremeticWiper malware and how does it work?

HermeticWiper is a well-written and effective type of malware that was deployed on Ukrainian targets immediately before Russia’s invasion in February 2022. It is named after the company, Heremetica Digital Ltd, and it is one of many recent wipers seen that likely originated from pro-Russian actors.

HermeticWiper is a 32-bit Windows executable and requires administrative privileges to run. HermeticWiper runs for several minutes and performs the following actions:

  • Gathers information about the host
  • Decompresses and installs a driver
  • Disables crash dumps
  • Stops the Volume Shadow Copy Service (VSS)
  • Checks if the host is a domain controller
  • Overwrites boot sectors
  • Fragments files
  • Shuts down the host
Desktop screen with code

Bolster your knowledge and defense against HermeticWiper

HermeticWiper uses several well-known MITRE ATT&CK™ techniques that can be identified with behavioral detections. To learn more about how to detect this malware and be ready to defend against similar techniques, download this threat intelligence report.

Download Your Guide
Two men consulting

About LogRhythm Labs threat intelligence reports

LogRhythm Labs is comprised of qualified threat researchers who help security professionals detect and respond to attacks by combining actionable intelligence with advanced analytics. 

The team’s threat intelligence reports keep you up to date on the latest threats, such as HermeticWiper malware, to ensure you’re adequately informed and to improve your cybersecurity defense.

LogRhythm is Trusted by 4000+ Customers Worldwide

Nasa Logo
NASA
SiriusXM Satellite Radio Logo
Sirius XM
UCLA Logo
UCLA
Temple University Logo
Temple University
Baker Tilly Logo
Baker Tilly
Chart Industries Logo
Chart Industries
United States Air Force Logo
U.S. Air Force
CDON Marketplace Logo
CDON Marketplace Logo
Bilstein
Bilstein
KIA logo
KIA
Bloomin' Brands logo
Bloomin’ Brands
Advanced Dermatology and Cosmetic Surgery logo
Advanced Dermatology and Cosmetic Surgery

© LogRhythm, Inc. All Rights Reserved.

Privacy Policy |

Terms & Conditions