IOC Radar
SHA1HighVerifiedSignal 100/100

590e64f6b5d393112484f61493929ef01c930edf

Location
PeruPeru
First Seen
May 10, 2025
Last Seen
Apr 7, 2026
May 10
First Seen
402d ago
Apr 7
Last Seen
69d ago
6
Reports
source reports
99%
Confidence
high
Found in 6 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
SHA-1 Hash
SHA-1 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA1
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

28 techniques

Feed Intelligence Summary

6 reports99% confidence
6
Source reports
99%
Confidence score
Category tags
adrian__lucabanking trojanbotnetbotnet activitybrute forcecommandcommand and controlcontrolcorruptcredential accesscredential stuffingcredential theftdata exfiltrationdata store exposuredistributed attacksexeexecutable fileexploitation activityfile-hashformbook malware activityidentity & access exploitationindicatorinformation stealinginfostealerinjection activitymaasmalicious softwaremalspam campaignmalwaremalware-as-a-serviceoperating systempeexeperuphishingphishing attackprocess injectionremote accessremote servicesresearchedscreen capturesouth americaspamt1005t1021t1021.001t1027t1036t1041t1055t1056t1056.001t1059t1059.001t1069.001t1071t1071.001t1078t1080t1113t1189t1192t1204t1486t1496t1497t1499.002t1499.003t1547t1565t1566tcticasthreat actortor nodewin32 malwarewindows malware

Activity Timeline

1 total obs
Apr 7Apr 7

Threat Activity Heatmap

· Peak: 2026-04-07
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated

This Indicator of Compromise (IOC), identified as a SHA1 hash, signifies a critical threat, with a score of 100.0, indicating a high likelihood of malicious activity. Its presence in an environment strongly suggests a compromise by advanced information-stealing malware, specifically FormBook, which is known for its pervasive and destructive capabilities. FormBook is notorious for its capabilities in credential harvesting, data exfiltration, and facilitating further unauthorized access to comprom…

Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
6
Reports
First seenMay 10, 2025
Last seenApr 7, 2026
Verified IOC

VirusTotal

Not checked

WHOIS

description
PE32 executable (GUI) Intel 80386, for MS Windows
references
https://www.virustotal.com/graph/embed/gc647d27a24344458abad66b9c9b0531f3a28abc422084b9ca44d7d60c1732b42?theme=light, https://darfe.es/ciberwiki/index.php?title=Formbook, https://bazaar.abuse.ch/export/csv/recent/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

high
First detected 1 year ago · Last seen 2 months ago
Appeared in 6 threat reports