General

  • Target

    2025-05-15_f3ed9cd9921dfa3797fdd934bd8ac588_cobalt-strike_frostygoop_ghostlocker_gofing_luca-stealer_sliver_snatch

  • Size

    4.1MB

  • MD5

    f3ed9cd9921dfa3797fdd934bd8ac588

  • SHA1

    0fa86de71b5db72945d23335ac0f2d0ed93c49dd

  • SHA256

    b483a3149d98dc85a6bb102b1b7d77531a256cc92b811e8ee7aca50c99fe3d09

  • SHA512

    cd7b1d6246bdaeb662400fc9bbb8563b21ce7c063f188ebb9c20c1d87baad4fc09fad3821f0246100b517909a6a41ad63e506cce355845059ae61870d7adb701

  • SSDEEP

    49152:ieutLO9rb/TrvO90dL3BmAFd4A64nsfJJ2TIA5GNP1Jr4u/TgAPNdi9128qk1q4+:ieF+iIAEl1JPz212IhzL+Bzz3dw/Vc

Score
10/10

Malware Config

Signatures

  • Gofing family
  • Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation. 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2025-05-15_f3ed9cd9921dfa3797fdd934bd8ac588_cobalt-strike_frostygoop_ghostlocker_gofing_luca-stealer_sliver_snatch
    .exe windows:6 windows x64 arch:x64

    c7269d59926fa4252270f407e4dab043


    Headers

    Imports

    Sections