General
-
Target
2025-03-30_11e310337369a6f765655ff0aee83470_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch
-
Size
5.3MB
-
Sample
250330-wxflgawmw3
-
MD5
11e310337369a6f765655ff0aee83470
-
SHA1
27f69d55df7c3fa857aafb24ade04701636056ce
-
SHA256
db3b522adfe5bd882992b9d8fb6b226863553f602cf9c4d5e2306fec1eb8cd02
-
SHA512
7e667cc8181f4e0f289bcdb6dac4f62a186f85f63382c5369a6262d78e29fa24d56961f27b32a2e5d7a24d6a298450f39343038ce1bb2e41817546f576e28ad6
-
SSDEEP
98304:ieF+iIAEl1JPz212IhzL+Bzz3dw/VdK83WqRZFgB:pWvSDzaxztQVdKx
Malware Config
Targets
-
-
Target
2025-03-30_11e310337369a6f765655ff0aee83470_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch
-
Size
5.3MB
-
MD5
11e310337369a6f765655ff0aee83470
-
SHA1
27f69d55df7c3fa857aafb24ade04701636056ce
-
SHA256
db3b522adfe5bd882992b9d8fb6b226863553f602cf9c4d5e2306fec1eb8cd02
-
SHA512
7e667cc8181f4e0f289bcdb6dac4f62a186f85f63382c5369a6262d78e29fa24d56961f27b32a2e5d7a24d6a298450f39343038ce1bb2e41817546f576e28ad6
-
SSDEEP
98304:ieF+iIAEl1JPz212IhzL+Bzz3dw/VdK83WqRZFgB:pWvSDzaxztQVdKx
Score10/10-
Gofing
Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation.
-
Gofing family
-
Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation.
-
Renames multiple (51) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops Chrome extension
-
Drops desktop.ini file(s)
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-