Thursday, May 8, 2025
HomeCyber Security NewsCybercriminals Released Mini Stealer's Builder & Panel for Free on a Cybercrime...

Cybercriminals Released Mini Stealer’s Builder & Panel for Free on a Cybercrime Forum

Published on

SIEM as a Service

Follow Us on Google News

A threat actor has recently released MiniStealer’s builder and panel for free on a cybercrime forum. Cyble Research and Intelligence Labs (CRIL) security analysts discovered this exploit during a routine threat hunting exercise carried out recently.

Threat actors can easily create malicious payloads using such builders, which can make them easy for them to generate. There is a lot of stuff that MiniStealer targets, but it mostly targets FTP applications and browsers that are based on Chromium.

Threat actors claim that their stealer can target different OS, including the following:- 

- Advertisement - Google News
  • Windows 7
  • Windows 10
  • Windows 11

The same threat actor made a post sometime after the release of MiniStealer, where he sold the builder and panel for Parrot Stealer for the price of USD 50.

As stated in the report by the threat actor, this stealer is a modified version of MiniStealer. It is possible that the threat actor had added functionality in Parrot stealer that wasn’t present in MiniStealer.

Technical Analysis

The threat actor has leaked two folders from the zip file it has leaked. Here is a list of the files that are contained inside these folders:-

  • Builder: MiniStealerBuilder.exe, Stub
  • Panel: Web Panel Source code

Threat actor released a binary builder that was based on the .NET framework. In order to make the payload more powerful, it has the ability to include the details of C&C in it. 

The actual payload for the builder is located in a file called “stub” that is actually placed in the builder’s build folder. The C&C details are then written to the payload once this is completed so that the final payload can be created.

Test Reports are sent to the C&C server when the Test Button is clicked, in order to determine if the connection can be established with the server. There are three strings that are present in these logs:-

  • TestUser
  • TestPass
  • TestHost

The Mini Stealer application is a 64-bit .NET binary that incorporates Timestomping. Timestomping refers to the process of altering the timestamps of files.

In order to deflect unnecessary attention from forensic investigations, adversaries employ this technique when delivering their payloads.

Recommendations

Here below we have mentioned all the recommendations:-

  • The use of warez and torrent websites is not recommended as a source for downloading pirated software.
  • Ensure that your passwords are strong at all times.
  • Whenever possible, ensure that multi-factor authentication is enforced.   
  • Activate the auto-update feature that automatically updates your device or system software.
  • Make sure you use an anti-virus program that is reputed.
  • Whenever you receive an email that contains an attachment or a link that you are unsure of, do not open it.
  • Employers should be educated on how to protect themselves against malicious activity such as phishing or untrusted URLs, such as spam emails.  
  • In order to prevent malicious URLs from being used to spread malware, you should block them.
  • It is important to keep an eye on the beacons at the network level to identify malware and threat actors that may try to steal data from them.

Secure Azure AD Conditional Access – Download Free White Paper

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector...

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its...

SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks

SpyCloud, the leading identity threat protection company, today released an analysis of nearly 6...

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector...

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its...

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...