A threat actor has recently released MiniStealer’s builder and panel for free on a cybercrime forum. Cyble Research and Intelligence Labs (CRIL) security analysts discovered this exploit during a routine threat hunting exercise carried out recently.
Threat actors can easily create malicious payloads using such builders, which can make them easy for them to generate. There is a lot of stuff that MiniStealer targets, but it mostly targets FTP applications and browsers that are based on Chromium.
Threat actors claim that their stealer can target different OS, including the following:-
The same threat actor made a post sometime after the release of MiniStealer, where he sold the builder and panel for Parrot Stealer for the price of USD 50.
As stated in the report by the threat actor, this stealer is a modified version of MiniStealer. It is possible that the threat actor had added functionality in Parrot stealer that wasn’t present in MiniStealer.
The threat actor has leaked two folders from the zip file it has leaked. Here is a list of the files that are contained inside these folders:-
Threat actor released a binary builder that was based on the .NET framework. In order to make the payload more powerful, it has the ability to include the details of C&C in it.
The actual payload for the builder is located in a file called “stub” that is actually placed in the builder’s build folder. The C&C details are then written to the payload once this is completed so that the final payload can be created.
Test Reports are sent to the C&C server when the Test Button is clicked, in order to determine if the connection can be established with the server. There are three strings that are present in these logs:-
The Mini Stealer application is a 64-bit .NET binary that incorporates Timestomping. Timestomping refers to the process of altering the timestamps of files.
In order to deflect unnecessary attention from forensic investigations, adversaries employ this technique when delivering their payloads.
Here below we have mentioned all the recommendations:-
Secure Azure AD Conditional Access – Download Free White Paper
Hackers have reportedly infiltrated and extracted a vast 82 GB of sensitive data from the Indonesian…
IBM has issued a security bulletin warning of two vulnerabilities in its AIX operating system…
The Apache Software Foundation has issued a security alert regarding a critical vulnerability in Apache…
The Chinese National Internet Emergency Center (CNIE) has revealed two significant cases of cyber espionage…
A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing millions…
Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through…