General

  • Target

    2025-05-15_264d96401490fd62ebdd0a924b09af59_cobalt-strike_frostygoop_ghostlocker_gofing_luca-stealer_sliver_snatch

  • Size

    4.2MB

  • MD5

    264d96401490fd62ebdd0a924b09af59

  • SHA1

    3b1c0e4a2464f205a38b8bf3525737e838b76332

  • SHA256

    1323ca39b30040cd5a030c35c14cbc8b5ae1115ad0185c4dc2ff8c3bafe69108

  • SHA512

    763b82082250cf6857c33b9945e8dd3a6ebeaf6804dae40a90efd01ebe647f6db6488f878d61d1e0019a0f9998209e2c270095c35d7545bc7bfe535da6e6e58c

  • SSDEEP

    49152:ieutLO9rb/TrvO90dL3BmAFd4A64nsfJJ2TIA5GNP1Jr4u/TgAPNdi9128qk1q4f:ieF+iIAEl1JPz212IhzL+Bzz3dw/VU0

Score
10/10

Malware Config

Signatures

  • Gofing family
  • Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation. 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2025-05-15_264d96401490fd62ebdd0a924b09af59_cobalt-strike_frostygoop_ghostlocker_gofing_luca-stealer_sliver_snatch
    .exe windows:6 windows x64 arch:x64

    c7269d59926fa4252270f407e4dab043


    Headers

    Imports

    Sections