Open-source atomic malware analysis

Analyze another

ripple-ts.ripple-ts-vscode-plugin-2.0.35.vsix

VSIX
Verdict: SUSPICIOUS
SHA256: 3e54f79e37c5d3d634dddb2af455977621148b41d4f47bfb24995705698fff2f · 85%
Mal-ecule
O₇(S₁₀As₉C₃Er₂IXe₄Dy₂)H₈(Cm₁₀Cr₂Db₁₁F₇HfOs₂Po₈U)Md₄(InLi₂Pa₁₆)
Size 6.8 MB download
First seen 6 days ago
Analyzed 5 days ago
Ecosystem vscode
Source open-vsx.org

Objectives

hostile severity, 95% confident.
supply-chain/recon-exfil NPM package exfils recon data to OOB callback service
hostile severity, 95% confident.
supply-chain/trojanized Node.js package targets credentials for HTTP exfiltration
suspicious severity, 84% confident.
anti-static/obfuscation High ratio of entropy-heavy identifiers
suspicious severity, 82% confident.
anti-static/obfuscation/string Obfuscated string array declaration
suspicious severity, 94% confident.
command-and-control/backdoor/tasking JS execSync command call
suspicious severity, 90% confident.
execution/autoinstall Package script npm install package
suspicious severity, 94% confident.
execution/lure Fake video meeting media lure
suspicious severity, 90% confident.
exfiltration/stealer Targets env and npm lockfiles
suspicious severity, 85% confident.
impact/wipe/disk Mass file deletion pattern
notable severity, 100% confident.
credential-access/env Reference to env command
notable severity, 100% confident.
discovery/system/fingerprint MAC keyword variants
notable severity, 100% confident.
exfiltration/dns Template string multi-level subdomain with vars

Micro-behaviors

suspicious severity, 84% confident.
data/text LLM sensitive send request
notable severity, 100% confident.
communications/http Service Worker skips waiting phase
notable severity, 100% confident.
data/source Dense repeated Math.pow arithmetic

20 of 176 traits shown

Identity

SHA-256 3e54f79e37c5d3d634dddb2af455977621148b41d4f47bfb24995705698fff2f
Canonical SHA-256 00ceb93575045e1f31e54eb736a9329d87adf0b939cf6d5123a4532f57fa78d9
Filename ripple-ts.ripple-ts-vscode-plugin-2.0.35.vsix
Package ripple-ts/ripple-ts-vscode-plugin
Version 2.0.35

Origin

Source forager
Feed open-vsx.org
Ecosystem vscode
Domain open-vsx.org
URL https://open-vsx.org/api/ripple-ts/ripple-ts-vscode-plugin/2.0.35/file/ripple-ts.ripple-ts-vscode-plugin-2.0.35.vsix

Timeline

First seen 15 Jun 2026 03:27 UTC
First analyzed 15 Jun 2026 04:19 UTC
Last analyzed 15 Jun 2026 04:19 UTC
Last updated 15 Jun 2026 04:19 UTC

Labeling

Label unknown
Label source forager
Traits version 061e3