General

  • Target

    2025-05-03_d5b972f131d079f2e16fa7301326e428_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch

  • Size

    4.2MB

  • MD5

    d5b972f131d079f2e16fa7301326e428

  • SHA1

    1ebffcd8ce037fda346622501d0d762e6fc92876

  • SHA256

    dc2c40b9221688ea1f08c3d8b9098f903cc72458bcac94382734e02e92dfd577

  • SHA512

    a44d40f95cc21e0ebd95b2a97c2c05faf52afea87cb0d47ec4395cef0e2ef5904f043e3674c872197538df1cd22e040b296c7e018dceb1c35fbef6ddd835b2a3

  • SSDEEP

    49152:ieutLO9rb/TrvO90dL3BmAFd4A64nsfJJ2TIA5GNP1Jr4u/TgAPNdi9128qk1q4N:ieF+iIAEl1JPz212IhzL+Bzz3dw/Vrr

Score
10/10

Malware Config

Signatures

  • Gofing family (1 IoC)

    Gofing is ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2025-05-03_d5b972f131d079f2e16fa7301326e428_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch
    .exe windows:6 windows x64 arch:x64

    c7269d59926fa4252270f407e4dab043

