HermeticWiper Malware Analysis

On February 23, 2022, HermeticWiper malware was unleashed on Ukrainian organizations by suspected pro-Russian actors.

In this threat intelligence report, LogRhythm Labs guides you through a technical analysis of HermeticWiper to help you detect this type of malware.

Inside the HermeticWiper threat intelligence report

Understanding the technical aspects behind HermeticWiper will help you better prepare against similar techniques. Read this report to:

  • Learn all about HermeticWiper malware and how it works
  • Read a static, behavioral, and code analysis of the malware
  • Discover detection rules using LogRhythm AI Engine

What is HermeticWiper malware and how does it work?

HermeticWiper is a well-written and effective piece of malware that was deployed against Ukrainian targets immediately before Russia’s invasion in February 2022. It is named after the company, Hermetica Digital Ltd, and it is one of many recently observed wipers that likely originated from pro-Russian actors.

HermeticWiper is a 32-bit Windows executable and requires administrative privileges to run. HermeticWiper runs for several minutes and performs the following actions:

  • Gathers information about the host
  • Decompresses and installs a driver
  • Disables crash dumps
  • Stops the Volume Shadow Copy Service (VSS)
  • Checks if the host is a domain controller
  • Overwrites boot sectors
  • Fragments files
  • Shuts down the host
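
The sketch below is an added example, not taken from the LogRhythm report or its AI Engine rules. It shows one way to turn the action list above into a behavioral detection: alert when several of the listed actions occur on the same host within a short time window. The log format, the behaviour tag names, the 10-minute window and the threshold of three are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Behaviours taken from the report's action list; the tag names are hypothetical.
WIPER_BEHAVIOURS = {"driver_installed", "crash_dumps_disabled", "vss_stopped",
                    "boot_sector_write", "host_shutdown"}
WINDOW = timedelta(minutes=10)   # assumption: covers "several minutes" of runtime
THRESHOLD = 3                    # assumption: distinct behaviours needed to alert

# Constructed sample events in a hypothetical normalized format.
SAMPLE_LOG = """\
2022-02-23T14:00:05 host=ws-01 behaviour=driver_installed
2022-02-23T14:00:09 host=ws-01 behaviour=crash_dumps_disabled
2022-02-23T14:00:30 host=ws-01 behaviour=vss_stopped
2022-02-23T14:03:10 host=ws-01 behaviour=boot_sector_write
2022-02-23T09:00:00 host=bk-02 behaviour=vss_stopped
2022-02-23T14:30:00 host=bk-02 behaviour=driver_installed
2022-02-23T18:00:00 host=bk-02 behaviour=host_shutdown
"""

def parse(line):
    """Return (timestamp, host, behaviour), or None for a malformed line."""
    try:
        ts, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        return datetime.fromisoformat(ts), kv["host"], kv["behaviour"]
    except (ValueError, KeyError):
        return None

def detect(log_text, window=WINDOW, threshold=THRESHOLD):
    """Map each alerting host to the listed behaviours seen inside one window."""
    per_host = defaultdict(list)
    for ts, host, behaviour in filter(None, map(parse, log_text.splitlines())):
        if behaviour in WIPER_BEHAVIOURS:
            per_host[host].append((ts, behaviour))
    alerts = {}
    for host, events in per_host.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            seen = {b for _, b in events[start:end + 1]}
            if len(seen) >= threshold and len(seen) > len(alerts.get(host, ())):
                alerts[host] = sorted(seen)
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

Host bk-02 shows why the window matters: the same three behaviours spread across a working day (a backup job, a driver update, an evening shutdown) do not alert, while the burst on ws-01 does.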

Bolster your knowledge and defense against HermeticWiper

HermeticWiper uses several well-known MITRE ATT&CK™ techniques that can be identified with behavioral detections. To learn more about how to detect this malware and be ready to defend against similar techniques, download this threat intelligence report.

About LogRhythm Labs threat intelligence reports

LogRhythm Labs is made up of qualified threat researchers who help security professionals detect and respond to attacks by combining actionable intelligence with advanced analytics.

The team’s threat intelligence reports keep you up to date on the latest threats, such as HermeticWiper malware, to ensure you’re adequately informed and to improve your cybersecurity defense.

© LogRhythm, Inc. All Rights Reserved.