IOC Radar
SHA256LowSignal 48/100

ece7c48eb411b24f26762ede83badb4a644c41d5777129381ac2541804d64fc2

First Seen
May 21, 2026
Last Seen
Jun 12, 2026
May 21
First Seen
22d ago
Jun 12
Last Seen
today
2
Reports
source reports
48%
Confidence
low
Found in 2 reports. Confidence: low. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
48%
Signal Score
48 / 100
IDS Rule
No
Threat Context
Tags

Feed Intelligence Summary

2 reports48% confidence
2
Source reports
48%
Confidence score
Category tags
amaterafile-hashindicatorinfostealerlummaremusresearchedstealcsvitstealervidar

Activity Timeline

1 total obs
Jun 12Jun 12

Threat Activity Heatmap

Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
1
Minimal
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
48
SIGNAL
Signal Score
48%
Confidence
2
Reports
First seenMay 21, 2026
Last seenJun 12, 2026

VirusTotal

Not checked

WHOIS

description
Not every threat that matters is technically sophisticated, and that is also the case with GoFlateLoader, which is a rather simple loader written in Go, whose sole purpose is to decode and execute the payload in memory. What stands out the most is not what the loader does but rather what it does not do – it comes without anti-debugging, anti-VM, or sandbox-evasion checks, and also lacks API hashing or CFG obfuscation, the kind of tricks that loaders almost always come with. Instead, GoFlateLoader relies on one of the simplest yet still effective tricks to stay under the radar – it appends a massive PE overlay at the end of the file, deliberately inflating the binary's size (hence the name GoFlateLoader).

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

low
First detected 22 days ago · Last seen today
Appeared in 2 threat reports