General

  • Target

    2025-05-03_d45f2d54c7deef223cec2c0029b5662c_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch

  • Size

    4.2MB

  • MD5

    d45f2d54c7deef223cec2c0029b5662c

  • SHA1

    a0504496905a1e6e216ad44ca2eb1d5bee669473

  • SHA256

    c4a65a85a3a3980a1d2c4315b9e71d4fb8ee38e52bf1e444b02433304e0bf802

  • SHA512

    1bc82469a356c218a0020303320dd2c6601c9422f60d7fac3792f747236b736d04c37c5a34502b44ba9140047eef972b5eeea0baa261040ec23b6f722fbd029c

  • SSDEEP

    49152:ieutLO9rb/TrvO90dL3BmAFd4A64nsfJJ2TIA5GNP1Jr4u/TgAPNdi9128qk1q43:ieF+iIAEl1JPz212IhzL+Bzz3dw/VNPX

Score
10/10

Malware Config

Signatures

  • Gofing family
  • Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation. 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2025-05-03_d45f2d54c7deef223cec2c0029b5662c_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch
    .exe windows:6 windows x64 arch:x64

    c7269d59926fa4252270f407e4dab043


    Headers

    Imports

    Sections