General

  • Target

    2025-05-18_06c29549810b4973e4d12e9f7c275892_cobalt-strike_frostygoop_ghostlocker_gofing_luca-stealer_sliver_snatch

  • Size

    4.1MB

  • MD5

    06c29549810b4973e4d12e9f7c275892

  • SHA1

    3062854b6b2001b5a5a8d7a4b51edf403b052329

  • SHA256

    6e285adb69def0f37eb2a6cb3742d3f8d012f98bce958a369a1316478b10ba56

  • SHA512

    14aca7253b90d59d2cd01877638c4e2f12dbffd00d75bea1c8db730009bb0cddfaaffbabe87195d7ee02c01e6ff7a4ab93b92d057ba57159058d1e042986aab1

  • SSDEEP

    49152:ieutLO9rb/TrvO90dL3BmAFd4A64nsfJJ2TIA5GNP1Jr4u/TgAPNdi9128qk1q4+:ieF+iIAEl1JPz212IhzL+Bzz3dw/Vw

Score
10/10

Malware Config

Signatures

  • Gofing family 1 IoCs

    Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation.

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2025-05-18_06c29549810b4973e4d12e9f7c275892_cobalt-strike_frostygoop_ghostlocker_gofing_luca-stealer_sliver_snatch
    .exe windows:6 windows x64 arch:x64

    c7269d59926fa4252270f407e4dab043