MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a7a14e8740be1c90c2082c78741e54e91ebcdc16a37ee3eb9384b32bd5b10a15. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


VIPKeylogger


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a7a14e8740be1c90c2082c78741e54e91ebcdc16a37ee3eb9384b32bd5b10a15
SHA3-384 hash: f1988deb8e3206288632a318cc8e8f77352a6ef834f29ca3858531e2735b67c0d7650cd3246d3e7c500c2f6016dfb61e
SHA1 hash: a2421df90e172af41c6f472fd28bec4dcb70c6d2
MD5 hash: c7ba85ccaaad2b0eb7652d8abcd2fa47
humanhash: rugby-floor-rugby-white
File name:nRichiesta_di_preventivo_-_RFQ20260203_Listino_prezzi_commerciale_pdf.r00
Download: download sample
Signature VIPKeylogger
Create hunting rule
File size:1'896 bytes
First seen:2026-02-03 14:01:14 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 48:ZS2ong8Gky/roZK7r09JH5W+EmubNeZ8Y6kqfbrPxoj:ZSHn2l/rSKY2mcs8Y6kgP6j
TLSH T1EB413BCA1EEAE5005CA59D729889D839F388A967308CE6786B640FC04D0C271DDDA88C
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika rar
Reporter FXOLabs
Tags:r00 VIPKeylogger

Intelligence

File Origin
# of uploads :
1
# of downloads :
33
Origin country :
BR BR
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:Richiesta di preventivo - RFQ20260203_Listino prezzi commerciale_pdf.bat
File size:2'912 bytes
SHA256 hash: 50e1c4bda6062d6303c3cb79a1eaf732cd82340537e947265bd7a637049c3c57
MD5 hash: 3f08b3c20f2ccf735414b01062ea7c95
MIME type:text/plain
Signature VIPKeylogger
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/ab2227fb-86ec-4779-92d6-e6e03a3f7722/
Detection(s):
Legacy.Trojan.Agent-1388784
Create hunting rule

Legacy.Trojan.Agent-1388773
Create hunting rule

Sanesecurity.Foxhole.Rar_badexts54.UNOFFICIAL
Create hunting rule

Sanesecurity.Foxhole.Rar_pdf.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6981ffd7183032faf3eeed28
Tags:
xtreme shell sage
Verdict:
Suspicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/a7a14e8740be1c90c2082c78741e54e91ebcdc16a37ee3eb9384b32bd5b10a15
Verdict:
Malicious
File Type:
rar
Link:
https://opentip.kaspersky.com/a7a14e8740be1c90c2082c78741e54e91ebcdc16a37ee3eb9384b32bd5b10a15/results?tab=lookup
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a7a14e8740be1c90c2082c78741e54e91ebcdc16a37ee3eb9384b32bd5b10a15/
Threat name:
Win32.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2026-02-03 13:39:35 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
8 of 24 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=u6qu5b2axyojbqqifr4hihsu5eplzxawun7oh24tqszsxvnrbikq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/a7a14e8740be1c90c2082c78741e54e91ebcdc16a37ee3eb9384b32bd5b10a15

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

VIPKeylogger

r00 a7a14e8740be1c90c2082c78741e54e91ebcdc16a37ee3eb9384b32bd5b10a15

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments