General

  • Target

    2025-05-15_f6e9a38590df744d7c6dd4e69c357acd_cobalt-strike_frostygoop_ghostlocker_gofing_luca-stealer_sliver_snatch

  • Size

    4.1MB

  • MD5

    f6e9a38590df744d7c6dd4e69c357acd

  • SHA1

    344566d5a0ee9dcd6afe9706e50c4d600aa11727

  • SHA256

    2b1980613cda2c73b223c47750879d1c35f0a4cdb95311be6e923834bcec2106

  • SHA512

    97f44b2f7d8181811e4f0419e4e97b8ce0ce5a60170873490e142b0c393b6e5b2cc17c043e858608c5cd50f036132d26c22d59f69c736dd85719ea12e46b5611

  • SSDEEP

    49152:ieutLO9rb/TrvO90dL3BmAFd4A64nsfJJ2TIA5GNP1Jr4u/TgAPNdi9128qk1q49:ieF+iIAEl1JPz212IhzL+Bzz3dw/Vj

Score
10/10

Malware Config

Signatures

  • Gofing family
  • Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation. 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2025-05-15_f6e9a38590df744d7c6dd4e69c357acd_cobalt-strike_frostygoop_ghostlocker_gofing_luca-stealer_sliver_snatch
    .exe windows:6 windows x64 arch:x64

    c7269d59926fa4252270f407e4dab043


    Headers

    Imports

    Sections