General

  • Target

    2025-05-03_69b3b3182dced676212aa210c6d1b788_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch

  • Size

    5.5MB

  • MD5

    69b3b3182dced676212aa210c6d1b788

  • SHA1

    cbe2071ac02e133d393ef2e77b83b9f13b92c134

  • SHA256

    bf70c00fb12aabed9ff74774348312b5e1a4228bddabf8ecbdefaf6a8ea40638

  • SHA512

    fa05236d393a5662e8ba5676e806398d1ab9d08cdb5efb738daa4575a56d29c2deb3c23779e0e4ccc136788e2388791afef9fd419cab237cd543a6844135f4fa

  • SSDEEP

    98304:ieF+iIAEl1JPz212IhzL+Bzz3dw/V3BZN8WRYcJin+MW:pWvSDzaxztQVRJRYIHb

Score
10/10

Malware Config

Signatures

  • Gofing family
  • Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation. 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2025-05-03_69b3b3182dced676212aa210c6d1b788_cobalt-strike_frostygoop_ghostlocker_luca-stealer_sliver_snatch
    .exe windows:6 windows x64 arch:x64

    c7269d59926fa4252270f407e4dab043


    Headers

    Imports

    Sections