Analysis

  • max time kernel
    137s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    30/03/2025, 18:31

General

  • Target

    2025-03-30_798f4ea105c93bccc7a4dd2993088976_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe

  • Size

    4.2MB

  • MD5

    798f4ea105c93bccc7a4dd2993088976

  • SHA1

    650f099bc9c65865c4025568c919e65648144491

  • SHA256

    55177243179930b753017f881920032df2d371697b43ee32e538f55a59ac40bd

  • SHA512

    11091dbb75d54f1d8eb966fac089458338fce926ed6a1a953cdecb751a470045505edd2dd7149e2f16040e8186744c6570adc71a59afba2cabf565b5a97d91fc

  • SSDEEP

    49152:ieutLO9rb/TrvO90dL3BmAFd4A64nsfJJ2TIA5GNP1Jr4u/TgAPNdi9128qk1q4R:ieF+iIAEl1JPz212IhzL+Bzz3dw/Vv

Score
10/10

Malware Config

Signatures

  • Gofing

    Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation.

  • Gofing family
  • Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation. 1 IoCs
  • Drops desktop.ini file(s) 10 IoCs
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-03-30_798f4ea105c93bccc7a4dd2993088976_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-03-30_798f4ea105c93bccc7a4dd2993088976_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    PID:3056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\PidGenX.dll

    Filesize

    5.3MB

    MD5

    adb0f34c4164bf23b1228af907f099ce

    SHA1

    0a8102507dbffdbad699b54d7b8023753546e11a

    SHA256

    01dfe692bebaba2b9328bb94a632da818ac6831b231513eae582bae41081202f

    SHA512

    cf689bcd21f4213568c12ada53d269c559f7b0003c0f3604c8f4aacbd5b3dddbd344f3edff45fe1129eccc7bc7d01077370aff74b6d4d78320c22d2295a032b8