General

  • Target

    2025-05-02_5d951c92968ca21da3bf552e5841d5f2_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch

  • Size

    5.9MB

  • MD5

    5d951c92968ca21da3bf552e5841d5f2

  • SHA1

    d6090761782d0597eb2e0b139e5211aead020d03

  • SHA256

    78b0a0f2ba9434a0c5fbadf2026f7f354f1b1a78992c8187963f6689d3817c02

  • SHA512

    b29c340aa00e3a2fa394f87229586404a1051186ff403d0ba79ab7e7cfc358b0f64637ac524f019dea7d48321a9f8db5d5eed4ab0260454473bf9db7ee008852

  • SSDEEP

    98304:ieF+iIAEl1JPz212IhzL+Bzz3dw/Vw0lHPuo3lO55Ga8KM:pWvSDzaxztQVwWHmo3lO5oa8D

Score
10/10

Malware Config

Signatures

  • Gofing family
  • Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation. 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2025-05-02_5d951c92968ca21da3bf552e5841d5f2_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch
    .exe windows:6 windows x64 arch:x64

    c7269d59926fa4252270f407e4dab043


    Headers

    Imports

    Sections