Unveiling “Vetta Loader”: A custom loader hitting Italy and spread through infected USB Drives
Common Information
| Type | Value |
|---|---|
| UUID | 10bee7da-a40d-4228-9470-800a2042a459 |
| Fingerprint | 8b2259bd8ffe255300d9f4bf1abccb8c6edab807a6396096e2f092a2d8abe9a1 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 5, 2023, 11:17 a.m. |
| Added to db | June 2, 2024, 11:10 a.m. |
| Last updated | Aug. 31, 2024, 8:13 a.m. |
| Headline | Unveiling “Vetta Loader”: A custom loader hitting Italy and spread through infected USB Drives |
| Title | Unveiling “Vetta Loader”: A custom loader hitting Italy and spread through infected USB Drives |
| Detected Hints/Tags/Attributes | 73/3/76 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 7 | start.py |
|
| Details | Domain | 1 | coronausb.py |
|
| Details | Domain | 1 | cboard.py |
|
| Details | Domain | 1 | runservice.py |
|
| Details | Domain | 4 | info.py |
|
| Details | Domain | 2 | connection.py |
|
| Details | Domain | 29 | vimeo.com |
|
| Details | Domain | 2 | evinfeoptasw.dedyn.io |
|
| Details | Domain | 2 | luke.compeyson.eu.org |
|
| Details | Domain | 1 | executer.py |
|
| Details | Domain | 1 | executor.py |
|
| Details | Domain | 140 | archive.org |
|
| Details | Domain | 2 | wjecpujpanmwm.tk |
|
| Details | Domain | 2 | studiofotografico35mm.altervista.org |
|
| Details | Domain | 2 | ncnskjhrbefwifjhww.tk |
|
| Details | Domain | 2 | geraldonsboutique.altervista.org |
|
| Details | Domain | 2 | captcha.grouphelp.top |
|
| Details | Domain | 2 | lucaespo.altervista.org |
|
| Details | Domain | 2 | captcha.tgbot.it |
|
| Details | Domain | 2 | monumental.ga |
|
| Details | Domain | 2 | bobsmith.apiworld.cf |
|
| Details | Domain | 1 | luke.compeysonp.eu.org |
|
| Details | Domain | 2 | eu1.microtunnel.it |
|
| Details | Domain | 3 | www.yoroi.company |
|
| Details | Domain | 15 | yoroi.company |
|
| Details | 2 | info@yoroi.company |
||
| Details | File | 5 | start.py |
|
| Details | File | 1 | coronausb.py |
|
| Details | File | 1 | cboard.py |
|
| Details | File | 1 | runservice.py |
|
| Details | File | 4 | info.py |
|
| Details | File | 2 | connection.py |
|
| Details | File | 3 | explorer.ps1 |
|
| Details | File | 2 | 804838895.json |
|
| Details | File | 3 | updater.php |
|
| Details | File | 1 | %temp%\runtime broker.exe |
|
| Details | File | 674 | node.js |
|
| Details | File | 1 | %programfiles%\bsoftware updater service\wuaupd.exe |
|
| Details | File | 1 | c:\windows\winton.exe |
|
| Details | File | 1 | program.py |
|
| Details | File | 1 | instdate.dat |
|
| Details | File | 1 | cuuid.dat |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 3 | public.php |
|
| Details | File | 2 | public_result.php |
|
| Details | File | 1 | %appdata%\ from_machine_uuid.dat |
|
| Details | File | 27 | pythonw.exe |
|
| Details | File | 1 | executer.py |
|
| Details | File | 1 | executor.py |
|
| Details | md5 | 1 | 6b101b5c784611ecbcda002454c152d9 |
|
| Details | sha256 | 1 | ae10fff5f43d712a0c00f8c6b182502cf854b149f0e59c010a7f34a2f85edf20 |
|
| Details | sha256 | 1 | a4f20b60a50345ddf3ac71b6e8c5ebcb9d069721b0b0edc822ed2e7569a0bb40 |
|
| Details | sha256 | 1 | e78f9fc1df1295c561b610de97b945ff1a94c6940b59cdd3fcb605b9b1a65a0d |
|
| Details | sha256 | 1 | 742170a2102136e2d96dfe1ce9c2a41a6c049777b541723ea6d90dc22c48503b |
|
| Details | sha256 | 1 | 81875a13eded6ccf4ea0a41cdcf62f62287aba9fb2cd80d2e7444fae6340882b |
|
| Details | sha256 | 1 | 060882f97ace7cb6238e714fd48b3448939699e9f085418af351c42b401a1227 |
|
| Details | sha256 | 1 | 15d977dae1726c2944b0b4965980a92d8e8616da20e4d47d74120073cbc701b3 |
|
| Details | sha256 | 1 | 180b12a5f16ff2269d640b5a28d0b1d46013f3f163ee8b3c3b34166905c78e0c |
|
| Details | sha256 | 1 | 218a819360df70ecc4cdbdfac4fbc0e49be3f4cadbad04d591a3de992617dac2 |
|
| Details | sha256 | 1 | 39ae5ca001383b9bd0e97eb6877279a9f366935a49f511e3a51b1aefdc85ee7e |
|
| Details | sha256 | 1 | 4f05f962f321aa294e8dd185c6c86891183d175f54863e49e0151c1237287eb8 |
|
| Details | sha256 | 1 | 5dcbfc437c20e2e5e25a717017fd525cbe4834ce888c47002001c28cf85c20b8 |
|
| Details | sha256 | 1 | 664194273245a994abf929898d9ca5ec5cfb594d4b024935050dd9f6a1a42b67 |
|
| Details | sha256 | 1 | 686a6fe6db2b8510555559f05132d5f9776051c74d91d96f0ac7eed1a33f8d4d |
|
| Details | sha256 | 1 | 84674ae8db63036d1178bb42fa5d1b506c96b3b22ce22a261054ef4d021d2c69 |
|
| Details | sha256 | 1 | 8a492973b12f84f49c52216d8c29755597f0b92a02311286b1f75ef5c265c30d |
|
| Details | sha256 | 1 | 8c25b73245ada24d2002936ea0f3bcc296fdcc9071770d81800a2e76bfca3617 |
|
| Details | sha256 | 1 | 8eff1963dbfb05c51be299ca74fb40cc8b4ddf204c94f508173744466fdb8749 |
|
| Details | sha256 | 1 | 90cb376fba68978a556af5861c5b8084c18ad62c75d08ac29dd768ad1029c150 |
|
| Details | sha256 | 1 | a47e7b940c6387b21ad32181c85a7972c43d2568e26f35c28f8ea9fde0cb3cea |
|
| Details | sha256 | 1 | b9ffba378d4165f003f41a619692a8898aed2e819347b25994f7a5e771045217 |
|
| Details | sha256 | 1 | ca0ec4e1dde27b42c0df0cd9278289dce950adbad32dc178f058c503fa939381 |
|
| Details | sha256 | 1 | d9ebb6958afcd1907651487062108ec56a2af9eb935f2437156584081cb56b2f |
|
| Details | Url | 2 | https://vimeo.com/api/v2/video/804838895.json |
|
| Details | Url | 1 | https://evinfeoptasw.dedyn.io/updater.php?from=usb1&user=6b101b5c784611ecbcda002454c152d9 |
|
| Details | Url | 1 | https://luke.compeyson.eu.org/runservice/api |