PULSE NAME
IOC - MAAS VIP_Keylogger Campaign
WHITE celestre 2026-03-11 Modified: 2026-04-10
11 IOCs
MEDIUM VOLUME
While surfing through VirusTotal, we found an interesting email whose content persuades the victim to open an attached purchase order, which is in fact a RAR file containing an .exe (ÜRÜN ÇİZİMİ VE TEKNİK ÖZELLİKLERİ_xlsx.exe). When executed, the .exe file ultimately extracts and executes VIP_Keylogger in memory without touching the disk.
Indicators of Compromise (4 / 11 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-MD5 694c313b660123f393332c2f0f7072b5 2026-03-11
FileHash-MD5 d1df5d64c430b79f7e0e382521e96a14 2026-03-11
FileHash-MD5 e7c42f2d0ff38f1b9f51dc5d745418f5 2026-03-11
FileHash-MD5 ea72845a790da66a7870da4da8924eb3 2026-03-11