The cybercrime landscape has witnessed the emergence of Doenerium Stealer 2024, a sophisticated information-stealing malware representing a significant evolution in credential theft and financial fraud capabilities. This advanced stealer, named after its encrypted “Doener” (kebab-themed) C2 communications, has quickly become a favorite among cybercriminals due to its modular design and evasion techniques.
What is Doenerium Stealer 2024?
Doenerium Stealer is a malware-as-a-service (MaaS) information stealer first identified in early 2024. It specializes in:
- Credential harvesting (browsers, email clients, FTP)
- Cryptocurrency wallet theft (MetaMask, Exodus, Ledger)
- Financial data extraction (credit cards, banking logins)
- System fingerprinting (IP, HWID, geolocation)
Technical Features & Capabilities
1. Advanced Data Theft Modules
- Browser Data Extraction:
  - Chrome, Firefox, Edge passwords & cookies
  - Session token theft (bypasses 2FA)
  - Autofill data harvesting
- Cryptocurrency Operations:
  - Wallet.dat file theft
  - Clipboard hijacking (BTC/ETH address replacement)
  - Browser extension targeting (MetaMask, Phantom)
- System Information Collection:
  - Screenshots
  - Keylogging
  - Webcam snapshots (optional)
2. Evasion & Persistence
- Polymorphic Code (changes hash signatures)
- Process Hollowing (injects into explorer.exe)
- UAC Bypass (gains admin privileges)
- Sandbox Detection (checks for VM environments)
3. C2 Communication
- Encrypted WebSockets
- Decentralized C2
- Blockchain-based updates
4. Cloud Storage Targeting
- Google Drive/Dropbox session theft
- OneNote credential harvesting
- AWS/Azure key extraction