DriveSlayer Wiper

DriveSlayer is another wiper attacking Ukraine on the cyber front. It corrupts the Master Boot Record (MBR), partition and file system of all available physical drives on Windows machines. Unlike WhisperGate, which uses high-level APIs to do the same, DriveSlayer uses raw disk access to destroy data. DriveSlayer abuses the digitally signed certificate of the legitimate partition software EaseUS to gain raw disk access. This is the same technique employed by the HermeticWiper malware.

DriveSlayer Wiper Signatures

Family: Trojan:Win32/FoxBlade.A!dha
MD5: 3f4a16b29f2f0532b7ce3e7656799125
SHA256: 1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591

DriveSlayer Wiper Download

Download DriveSlayer Wiper Sample