WhisperGate Wiper Download

WhisperGate Wiper Download
WhisperGate is a fake ransomware targeted toward Ukrainian victims. It destroys user data and display a ransom note demanding $10000 in bitcoins. It has two components, the first component, named "stage1.exe", overwrites the Master Boot Record (MBR) and displays a ransom note. The second component, named "stage2.exe", is executed simultaneously to download a data destroying malware named "Tbopbh.jpg" hosted on Discord that overwrites targeted files with static data.

WhisperGate MBR Wiper Signatures

Family: DoS:Win32/WhisperGate.X!dha
MD5: 5d5c99a08a7d927346ca2dafa7973fc1
SHA256: a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92

WhisperGate MBR Wiper Download

Download WhisperGate MBR Wiper Sample

WhisperGate Data Wiper Signatures

Family: DoS:Win32/WhisperGate.H!dha
MD5: 14c8482f302b5e81e3fa1b18a509289d
SHA256: dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78

WhisperGate Data Wiper Download

Download WhisperGate Data Wiper Sample

WhisperGate Discord Payload Signatures

Family: DoS:Win32/WhisperGate.I!dha
MD5: b3370eb3c5ef6c536195b3bea0120929
SHA256: 923eb77b3c9e11d6c56052318c119c1a22d11ab71675e6b95d05eeb73d1accd6

WhisperGate Discord Payload Download

Download WhisperGate Discord Payload Sample