2024-10-03 Amnesia Stealer Samples
2024-10-03 Threatmon: Amnesia Stealer
Amnesia Stealer, a customizable open-source malware, was identified by ThreatMon on September 17, 2024.
- Functions as Malware-as-a-Service (MaaS), making it easily accessible for cybercriminals.
- Uses Discord and Telegram for Command & Control (C2) operations.
- Capable of stealing sensitive data like browser passwords, Discord tokens, cryptocurrency wallets, and Wi-Fi credentials.
- Features keylogging, clipboard hijacking, and can bypass Windows Defender.
- Can inject additional malware like trojans, cryptocurrency miners, and droppers.
- Available in three versions: Free, VIP, and an Android variant (in development).
- Android version can steal call logs, SMS, and WhatsApp session files.

-- Key findings by Threatmon.
File Information
Over the 15 years the blog has been around, many hosting providers have dropped support due to stricter no-malware policies. This has led to broken links, especially in older posts. If you find a broken link on contagiodump.blogspot.com (or contagiominidump.blogspot.com), note the file name from the URL and search for it in the Contagio Malware Storage.