← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - MAAS VIP_Keylogger Campaign
WHITE celestre 2026-03-11 Modified: 2026-04-10
11
IOCs
MEDIUM VOLUME
While surfing through VirusTotal we found an interesting email content persuading the victim to open an attached purchase order which in fact is a RAR file which contained a exe (ÜRÜN ÇİZİMİ VE TEKNİK ÖZELLİKLERİ_xlsx.exe). The .exe file when executed ultimately extracts and executes VIP_Keylogger in memory without touching the disk.
spyware
Indicators of Compromise (2 / 11 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 03ae7b3bdaa1614aee51a35e9426ade258bb30498743467823bd80b19de0ad9b SHA256 of ea72845a790da66a7870da4da8924eb3 2026-03-11
FileHash-SHA256 bba56d9918978e618e27cacf2997e3aeebed5d85bf657daaf0841b89b6cc4cb3 SHA256 of e7c42f2d0ff38f1b9f51dc5d745418f5 2026-03-11
References (1)
↗ https://labs.k7computing.com/index.php/maas-vip_keylogger-campaign/