General

  • Target

    2025-05-03_2aa6a01aacb78594f27a081de95ffd2d_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch

  • Size

    5.6MB

  • MD5

    2aa6a01aacb78594f27a081de95ffd2d

  • SHA1

    4c44a6b1bd1f62e34f2fa228f78b1344ef5ba6b5

  • SHA256

    e6a7987298df48a175d3c2358b4227c5f44d075cde23d5e419ca961bb62890b5

  • SHA512

    c759a81a43c43d05e3161e35d6cd90102f9c09e022ce773689be685f251979bef1f3a92c22e95f701e6c54688a086899bcf72281675864e7f644f432810b0614

  • SSDEEP

    98304:ieF+iIAEl1JPz212IhzL+Bzz3dw/V1rY7UGwwjPY5V1+d:pWvSDzaxztQVeICjAYd

Score
10/10

Malware Config

Signatures

  • Gofing family
  • Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation. 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2025-05-03_2aa6a01aacb78594f27a081de95ffd2d_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch
    .exe windows:6 windows x64 arch:x64

    c7269d59926fa4252270f407e4dab043


    Headers

    Imports

    Sections