General

  • Target

    2025-05-03_6325b32ae13417a251ffba6407338f39_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch

  • Size

    4.2MB

  • MD5

    6325b32ae13417a251ffba6407338f39

  • SHA1

    a72e8375a3a8f7dcbf6404f1dea125d5baf9c66f

  • SHA256

    55af40f0064ee81eda1cdbabea8cc7a9e37087674ab518357f5f2455c177693d

  • SHA512

    6f00171805a55a9893c6e2ebf0b3938cf1326fb0ddb690dcec880dde1e49d54edd00291426ae7e382bd739fa18fdf614b9b5b778f4eb78c0965a18c961069f91

  • SSDEEP

    49152:ieutLO9rb/TrvO90dL3BmAFd4A64nsfJJ2TIA5GNP1Jr4u/TgAPNdi9128qk1q4N:ieF+iIAEl1JPz212IhzL+Bzz3dw/Vr

Score
10/10

Malware Config

Signatures

  • Gofing family
  • Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation. 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2025-05-03_6325b32ae13417a251ffba6407338f39_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch
    .exe windows:6 windows x64 arch:x64

    c7269d59926fa4252270f407e4dab043


    Headers

    Imports

    Sections