SHA256MediumSignal 29/100
90ce4ff9da23ac150da0a8e17930cab1e369aa349fdc1b65691b70369145664a
First Seen
Jun 12, 2026
Last Seen
Jun 12, 2026
Found in 1 report. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
29%
Signal Score
29 / 100
IDS Rule
No
Threat Context
Tags
Feed Intelligence Summary
1 report29% confidence
1
Source reports
29%
Confidence score
Category tags
amaterafile-hashindicatorinfostealerlummaremusresearchedstealcsvitstealervidar
Activity Timeline
Jun 12Jun 12
Threat Activity Heatmap
· Peak: 2026-06-12LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreLow Risk
29
SIGNAL
Signal Score
29%
Confidence
1
Reports
First seenJun 12, 2026
Last seenJun 12, 2026
VirusTotal
Not checked
WHOIS
- description
- Not every threat that matters is technically sophisticated, and that is also the case with GoFlateLoader, which is a rather simple loader written in Go, whose sole purpose is to decode and execute the payload in memory. What stands out the most is not what the loader does but rather what it does not do – it comes without anti-debugging, anti-VM, or sandbox-evasion checks, and also lacks API hashing or CFG obfuscation, the kind of tricks that loaders almost always come with. Instead, GoFlateLoader relies on one of the simplest yet still effective tricks to stay under the radar – it appends a massive PE overlay at the end of the file, deliberately inflating the binary's size (hence the name GoFlateLoader).
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 3 days ago · Last seen 3 days ago
Appeared in 1 threat report