General

  • Target

    2025-05-19_5b9e5a89eb6c7826167c719c5467aa64_cobalt-strike_frostygoop_ghostlocker_gofing_luca-stealer_sliver_snatch

  • Size

    4.1MB

  • MD5

    5b9e5a89eb6c7826167c719c5467aa64

  • SHA1

    9826337e2b30831871cde19d23c30d6f2b679756

  • SHA256

    42e2feeb098bd035ccbd01d5bd59d6bdf3af9779d445e70085750479592d7376

  • SHA512

    45f9d4f90617d7b233cae22ef484f6d4834eb4d3c17c46568f12901df86179c6be3c2220eb00eee5d46c25adf4abe5c9e619e009198249d0ab5237ec4e818a12

  • SSDEEP

    49152:ieutLO9rb/TrvO90dL3BmAFd4A64nsfJJ2TIA5GNP1Jr4u/TgAPNdi9128qk1q4U:ieF+iIAEl1JPz212IhzL+Bzz3dw/VWey

Score
10/10

Malware Config

Signatures

  • Gofing family
  • Gofing is a ransomware written in Golang using Velocity Polymorphic Compression (VPC) obfuscation. 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2025-05-19_5b9e5a89eb6c7826167c719c5467aa64_cobalt-strike_frostygoop_ghostlocker_gofing_luca-stealer_sliver_snatch
    .exe windows:6 windows x64 arch:x64

    c7269d59926fa4252270f407e4dab043

