Analysis

  • max time kernel
    132s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/03/2025, 18:17

General

  • Target

    2025-03-30_11e310337369a6f765655ff0aee83470_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe

  • Size

    5.3MB

  • MD5

    11e310337369a6f765655ff0aee83470

  • SHA1

    27f69d55df7c3fa857aafb24ade04701636056ce

  • SHA256

    db3b522adfe5bd882992b9d8fb6b226863553f602cf9c4d5e2306fec1eb8cd02

  • SHA512

    7e667cc8181f4e0f289bcdb6dac4f62a186f85f63382c5369a6262d78e29fa24d56961f27b32a2e5d7a24d6a298450f39343038ce1bb2e41817546f576e28ad6

  • SSDEEP

    98304:ieF+iIAEl1JPz212IhzL+Bzz3dw/VdK83WqRZFgB:pWvSDzaxztQVdKx

Score
10/10

Malware Config

Signatures

  • Gofing

    Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation.

  • Gofing family: 1 IoC
  • Drops desktop.ini file(s): 11 IoCs
  • Drops file in Program Files directory: 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-03-30_11e310337369a6f765655ff0aee83470_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-03-30_11e310337369a6f765655ff0aee83470_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    PID:2612
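The two behavioural signatures the sandbox attached to PID 2612 (desktop.ini drops and writes into Program Files, both from an executable launched out of the user's Temp directory) plus the file hashes listed in this report can be turned into a small hunting check. The code below is an added example, not code from the sandbox or from the report. The events are constructed and only mimic the Image/TargetFilename/ProcessId fields of Sysmon Event ID 11 (FileCreate); restricting the rule to images under %LOCALAPPDATA%\Temp is an assumption made here to cut noise, not something the report states. Note that the PidGenX.dll write under C:\MSOCache shown in the Downloads section triggers neither behavioural signature, which is why the hash IoCs are kept alongside the behavioural rule.

```python
"""Hunting helper for the behaviours and hashes listed in this report.

Added example: the event dictionaries are constructed and imitate Sysmon
Event ID 11 (FileCreate) fields; they are not sandbox output.
"""
import hashlib
import re
from pathlib import PureWindowsPath

# Hashes copied from the report: the submitted sample and the dropped PidGenX.dll.
REPORT_IOC_HASHES = {
    "11e310337369a6f765655ff0aee83470",                                   # MD5, sample
    "27f69d55df7c3fa857aafb24ade04701636056ce",                           # SHA1, sample
    "db3b522adfe5bd882992b9d8fb6b226863553f602cf9c4d5e2306fec1eb8cd02",   # SHA256, sample
    "cac7e75373c1828d74c45cb6b4c31584",                                   # MD5, PidGenX.dll
    "e4defad574400471346397ae3685437b788ca636",                           # SHA1, PidGenX.dll
    "733c7aa6e70142397f62d5755867d5060e4991e7441ced6e1981db19773c907b",   # SHA256, PidGenX.dll
}

# Assumption: only images launched from the user's Temp directory are in scope,
# matching where the sample ran in the sandbox (C:\Users\Admin\AppData\Local\Temp).
TEMP_IMAGE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
PROGRAM_FILES = re.compile(r"^[a-z]:\\program files( \(x86\))?\\", re.I)

SAMPLE_EXE = (
    r"C:\Users\Admin\AppData\Local\Temp\2025-03-30_11e310337369a6f765655ff0aee83470"
    r"_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch.exe"
)


def classify_file_create(event: dict) -> list:
    """Return the report's signature names that one FileCreate event triggers."""
    image = event.get("Image", "")
    target = event.get("TargetFilename", "")
    hits = []
    if not TEMP_IMAGE.match(image):
        return hits
    if PureWindowsPath(target).name.lower() == "desktop.ini":
        hits.append("Drops desktop.ini file(s)")
    if PROGRAM_FILES.match(target):
        hits.append("Drops file in Program Files directory")
    return hits


def hunt(events) -> dict:
    """Aggregate triggered signatures per (ProcessId, Image), like the Processes listing."""
    summary = {}
    for ev in events:
        hits = classify_file_create(ev)
        if hits:
            summary.setdefault((ev["ProcessId"], ev["Image"]), set()).update(hits)
    return summary


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a file's bytes, the three digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_report_ioc(data: bytes) -> bool:
    """True if any digest of the given bytes appears in the report's hash list."""
    return any(digest in REPORT_IOC_HASHES for digest in file_hashes(data).values())


# Constructed events (not sandbox output). The second one mirrors the MSOCache
# drop from the Downloads section and is deliberately missed by both behavioural rules.
SAMPLE_EVENTS = [
    {"ProcessId": 2612, "Image": SAMPLE_EXE,
     "TargetFilename": r"C:\Program Files\Common Files\desktop.ini"},
    {"ProcessId": 2612, "Image": SAMPLE_EXE,
     "TargetFilename": r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\PidGenX.dll"},
    {"ProcessId": 1234, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\Admin\Desktop\desktop.ini"},
]

if __name__ == "__main__":
    for (pid, image), sigs in hunt(SAMPLE_EVENTS).items():
        print(f"PID {pid} {image}")
        for sig in sorted(sigs):
            print(f"  - {sig}")
    print("benign bytes match report IoC:", matches_report_ioc(b"constructed benign content"))
```

Run it over real FileCreate telemetry by building the event dictionaries from your log source; for on-disk triage, feed file contents to `matches_report_ioc`, since the MSOCache example shows the behavioural rules alone do not cover every file this sample writes.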

Network

MITRE ATT&CK Matrix


Downloads

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\PidGenX.dll

    Filesize

    5.3MB

    MD5

    cac7e75373c1828d74c45cb6b4c31584

    SHA1

    e4defad574400471346397ae3685437b788ca636

    SHA256

    733c7aa6e70142397f62d5755867d5060e4991e7441ced6e1981db19773c907b

    SHA512

    822ac1004eb13debd9317611c91688b881467bdbe3c033c54edc3416f0725e267450d2de6db4d6cfc02b397a9148909b831512f432a46b80ac71468c593f79c3