IOC Radar
TLP:WHITE · 2 IOCs

GoFlateLoader Malware Drops Lumma, Vidar, and StealC Payloads

Cyber Press
Published June 11, 2026

Malware Families

Diamond Model

Adversary: unknown
Infrastructure: unknown
Capability (3): Lumma, Stealc, Vidar
Victim: unknown

Attack Flow: 5 steps · MITRE ATT&CK mapped

Step 1/5: Defense Evasion (TA0005) · T1036 Masquerading
Action: Inflate file size with overlay
GoFlateLoader appends a massive Portable Executable (PE) overlay to inflate its file size, evading security tools with file-size limits.


Indicators of Compromise


| Type | Indicator | Tags | Confidence | Score | First Seen |
|------|-----------|------|------------|-------|------------|
| SHA256 | ed5ae7f36453c5a23e9868a5729d67e0549a11f6dea54f5f52d654a8f51d4902 | file-hash, intel-blog, malware | Medium | 53 | Jun 11, 26 |
| SHA256 | b88c5744975d2abb447aecc6c090fee9f8580413f4612eecdc6ed1973e8a1739 | file-hash, intel-blog, malware | Medium | 53 | Jun 11, 26 |

IOC Relationship Graph

[Graph: 2 SHA256 IOCs and 3 malware families (Lumma, Stealc, Vidar) linked to this report]