General
-
Target
VSCodeUserSetup-x64-1.50.1.exe
-
Size
61.1MB
-
Sample
201120-9tga9c6s22
-
MD5
49bcaf117095e95a2aa16b37c3533c92
-
SHA1
a56c59a621812bcd2a07b657e1b21f395250e9bc
-
SHA256
f9d3dfcdfa13a845ca0dfd0b00cf2577d744f86a81786adca3567f6ea121f758
-
SHA512
bbf62701f1d7676a2b315a4c52923c4a5d3b85305e63a8f0d853bbf811b3716054044ca7c64b35ec8b15b8193613ec5b470e9d6cc547eb2f0d9f11e99ab5648c
Static task
static1
Behavioral task
behavioral1
Sample
VSCodeUserSetup-x64-1.50.1.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
VSCodeUserSetup-x64-1.50.1.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
VSCodeUserSetup-x64-1.50.1.exe
-
Size
61.1MB
-
MD5
49bcaf117095e95a2aa16b37c3533c92
-
SHA1
a56c59a621812bcd2a07b657e1b21f395250e9bc
-
SHA256
f9d3dfcdfa13a845ca0dfd0b00cf2577d744f86a81786adca3567f6ea121f758
-
SHA512
bbf62701f1d7676a2b315a4c52923c4a5d3b85305e63a8f0d853bbf811b3716054044ca7c64b35ec8b15b8193613ec5b470e9d6cc547eb2f0d9f11e99ab5648c
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
JavaScript code in executable
-