SHA256MediumSignal 29/100
421ce2d2f49c23bbe9f60ef3b9cd38d7eb912ce02e56a61837656210069bd9e2
First Seen
Jun 12, 2026
Last Seen
Jun 12, 2026
Found in 1 report. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
29%
Signal Score
29 / 100
IDS Rule
No
Threat Context
Tags
Feed Intelligence Summary
1 report29% confidence
1
Source reports
29%
Confidence score
Category tags
amaterafile-hashindicatorinfostealerlummaremusresearchedstealcsvitstealervidar
Activity Timeline
Jun 12Jun 12
Threat Activity Heatmap
LessMore
Mon
Wed
Fri
24h
1
Minimal
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreLow Risk
29
SIGNAL
Signal Score
29%
Confidence
1
Reports
First seenJun 12, 2026
Last seenJun 12, 2026
VirusTotal
Not checked
WHOIS
- description
- Not every threat that matters is technically sophisticated, and that is also the case with GoFlateLoader, which is a rather simple loader written in Go, whose sole purpose is to decode and execute the payload in memory. What stands out the most is not what the loader does but rather what it does not do – it comes without anti-debugging, anti-VM, or sandbox-evasion checks, and also lacks API hashing or CFG obfuscation, the kind of tricks that loaders almost always come with. Instead, GoFlateLoader relies on one of the simplest yet still effective tricks to stay under the radar – it appends a massive PE overlay at the end of the file, deliberately inflating the binary's size (hence the name GoFlateLoader).
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected today · Last seen today
Appeared in 1 threat report