Dumping WhisperGate’s wiper from an Eazfuscator obfuscated loader – Max Kersten
Tags
cmtmf-attack-pattern: Process Injection
country: Ukraine
attack-pattern: Data Installutil - T1218.004 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Process Hollowing - T1055.012 Process Injection - T1631 Tool - T1588.002 Installutil - T1118 Powershell - T1086 Process Hollowing - T1093 Process Injection - T1055
Show in Graph
Common Information
Type Value
UUID 9a92c808-bb49-487c-b3f9-b5a688cc7d4d
Fingerprint 8a011bd325b00782
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 15, 2022, midnight
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 14, 2024, 5:56 p.m.
Headline Dumping WhisperGate’s wiper from an Eazfuscator obfuscated loader
Title Dumping WhisperGate’s wiper from an Eazfuscator obfuscated loader – Max Kersten
Detected Hints/Tags/Attributes 33/3/15
Source URLs
Redirection Url
Details Source https://maxkersten.nl/binary-analysis-course/malware-analysis/dumping-whispergates-wiper-from-an-eazfuscator-obfuscated-loader/
URL Provider
Details Provider Source level domain
Details maxkersten.nl maxkersten.nl
Attributes
Details Type #Events CTI Value
Details File 83 
installutil.exe
Details File 15 
app.config
Details File 2 
stage4.bin
Details md5 8 
14c8482f302b5e81e3fa1b18a509289d
Details md5 7 
b3370eb3c5ef6c536195b3bea0120929
Details md5 9 
e61518ae9454a563b8f842286bbdb87b
Details md5 4 
343fcded2aaf874342c557d3d5e5870d
Details sha1 3 
16525cb2fd86dce842107eb1ba6174b23f188537
Details sha1 4 
b2d863fc444b99c479859ad7f012b840f896172e
Details sha1 3 
82d29b52e35e7938e7ee610c04ea9daaf5e08e90
Details sha1 4 
8be3c66aecd425f1f123aadc95830de49d1851b5
Details sha256 21 
dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78
Details sha256 12 
923eb77b3c9e11d6c56052318c119c1a22d11ab71675e6b95d05eeb73d1accd6
Details sha256 12 
9ef7dbd3da51332a78eff19146d21c82957821e464e8133e9594a07d716d892d
Details sha256 5 
191ca4833351e2e82cb080a42c4848cfbc4b1f3e97250f2700eff4e97cf72019