General

  • Target

    2025-05-15_395c7f71f6117cd2506dab5d05f779ee_cobalt-strike_frostygoop_ghostlocker_gofing_luca-stealer_sliver_snatch

  • Size

    4.1MB

  • MD5

    395c7f71f6117cd2506dab5d05f779ee

  • SHA1

    31b29705353eb64662e5a77a3ee044a42c726ec3

  • SHA256

    82be4a55e0a3645b631ed0600a970486dbb626478fabfb40c5a280a8d721d5e0

  • SHA512

    9706a67dc66d214e6116bcc80a4959b52f5cb0c5106a062bfb43cf3279e0d1971f4695329dbd68f46b07c065c5da369c62edfa21700ce907e739e5eea55d5bf9

  • SSDEEP

    49152:ieutLO9rb/TrvO90dL3BmAFd4A64nsfJJ2TIA5GNP1Jr4u/TgAPNdi9128qk1q4J:ieF+iIAEl1JPz212IhzL+Bzz3dw/Vr

Score
10/10

Malware Config

Signatures

  • Gofing family
  • Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation. 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2025-05-15_395c7f71f6117cd2506dab5d05f779ee_cobalt-strike_frostygoop_ghostlocker_gofing_luca-stealer_sliver_snatch
    .exe windows:6 windows x64 arch:x64

    c7269d59926fa4252270f407e4dab043


    Headers

    Imports

    Sections