General
-
Target
2025-03-30_6e92744aa00ad2c209ee29592851e5e5_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch
-
Size
6.0MB
-
Sample
250330-xb9g4atzd1
-
MD5
6e92744aa00ad2c209ee29592851e5e5
-
SHA1
fc57d44fd27a0e03959fec5cf4b266fb760fd452
-
SHA256
732c375ecf56d37bd4fe20bf8f27e083d669e71a8f1c7cf61a20616d2f0738ee
-
SHA512
3d7a0354fbd09fbf21fc79d6dc1f7eac9e002be5a07b35d8ec7fe1a38dab4e4a7d6e5aec16dd34141690220a3c9079fb5267d7ebf96c3de791573d78583a193e
-
SSDEEP
98304:ieF+iIAEl1JPz212IhzL+Bzz3dw/VZ502Kryun3Gcfsxf/9YeO0jM:pWvSDzaxztQVSBn3MQ
Malware Config
Targets
-
-
Target
2025-03-30_6e92744aa00ad2c209ee29592851e5e5_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch
-
Size
6.0MB
-
MD5
6e92744aa00ad2c209ee29592851e5e5
-
SHA1
fc57d44fd27a0e03959fec5cf4b266fb760fd452
-
SHA256
732c375ecf56d37bd4fe20bf8f27e083d669e71a8f1c7cf61a20616d2f0738ee
-
SHA512
3d7a0354fbd09fbf21fc79d6dc1f7eac9e002be5a07b35d8ec7fe1a38dab4e4a7d6e5aec16dd34141690220a3c9079fb5267d7ebf96c3de791573d78583a193e
-
SSDEEP
98304:ieF+iIAEl1JPz212IhzL+Bzz3dw/VZ502Kryun3Gcfsxf/9YeO0jM:pWvSDzaxztQVSBn3MQ
Score10/10-
Gofing
Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation.
-
Gofing family
-
Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation.
-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops Chrome extension
-
Drops desktop.ini file(s)
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-