General
-
Target
2025-03-30_7ca9449b9ffe58ffb418045d93a460ba_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch
-
Size
4.2MB
-
Sample
250330-w65a7atydt
-
MD5
7ca9449b9ffe58ffb418045d93a460ba
-
SHA1
4a1241a33d9e1717f8239e4b6a7ed2a3ed0ea8d5
-
SHA256
46b33af09d640fc43383ce71f8e4ac018f3f153f13c2390cf72c51116e758c4a
-
SHA512
dd8ce02fceb5d5300f8268a74c08f7fbf65341757fdf1311c108355e6c9c04189ae6e47367074700c1e4a2523c8bfb0e9f57b4f735852a998975dbf5981f3b17
-
SSDEEP
49152:ieutLO9rb/TrvO90dL3BmAFd4A64nsfJJ2TIA5GNP1Jr4u/TgAPNdi9128qk1q4r:ieF+iIAEl1JPz212IhzL+Bzz3dw/Vd
Malware Config
Targets
-
-
Target
2025-03-30_7ca9449b9ffe58ffb418045d93a460ba_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch
-
Size
4.2MB
-
MD5
7ca9449b9ffe58ffb418045d93a460ba
-
SHA1
4a1241a33d9e1717f8239e4b6a7ed2a3ed0ea8d5
-
SHA256
46b33af09d640fc43383ce71f8e4ac018f3f153f13c2390cf72c51116e758c4a
-
SHA512
dd8ce02fceb5d5300f8268a74c08f7fbf65341757fdf1311c108355e6c9c04189ae6e47367074700c1e4a2523c8bfb0e9f57b4f735852a998975dbf5981f3b17
-
SSDEEP
49152:ieutLO9rb/TrvO90dL3BmAFd4A64nsfJJ2TIA5GNP1Jr4u/TgAPNdi9128qk1q4r:ieF+iIAEl1JPz212IhzL+Bzz3dw/Vd
Score10/10-
Gofing
Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation.
-
Gofing family
-
Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation.
-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-