Cyble security analysts discovered a threat actor on a cybercrime forum distributing MiniStealer's builder and panel for free.
Key findings

  • The stealer, according to threat actors, can target a variety of operating systems, including Windows 7, 10, and 11.
  • The leaked ZIP files contain two folders: Builder (MiniStealerBuilder.exe and Stub) and Panel (the web panel source code).
  • Such builders also help less experienced hackers create malicious payloads, primarily to attack FTP applications and Chromium-based browsers.
  • The malicious actor has furthermore released the source code of the web panel, which can be used to receive stolen data from a target network.

MiniStealer features

The MiniStealer application is a 64-bit .NET binary that uses timestamping.
  • It uses multiple anti-analysis checks to prevent debugging of the sample. To detect profiling, the code verifies if the COR_ENABLE_PROFILING environment variable is present and set to 1.
  • This stealer starts a thread to continuously check if the payload is being debugged.
  • To check for the presence of debuggers, this thread calls methods such as IsDebuggerPresent, OutputDebugString, and Debugger.IsLogging.
  • For the FTP application, it steals data from configuration files. For browsers, it copies specific files from the browser's profile directory under AppData.
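The anti-analysis indicators listed above (the COR_ENABLE_PROFILING environment variable check and the IsDebuggerPresent, OutputDebugString and Debugger.IsLogging calls) are all recoverable from a sample by static string triage. The script below is an added example written for this page; it is not Cyble's or Cyware's tooling and is not derived from the MiniStealer binary. It searches a file for those indicator names in both ASCII and UTF-16LE, because a .NET assembly stores C# string literals (such as an environment-variable name) as UTF-16 in the #US heap, while P/Invoke targets and member names (such as IsDebuggerPresent) sit as ASCII in the #Strings heap, so a scan that checks only one encoding misses half the evidence. The sample bytes are constructed to mimic those fragments and are not from a real binary.

```python
"""Static triage helper for .NET stealer samples (added example, not the report's tooling).

Flags the anti-analysis indicators named in the MiniStealer write-up by
searching a file in both ASCII and UTF-16LE encodings.
"""
import sys
from typing import Dict, List

# Indicator name -> what its presence suggests (taken from the write-up's description).
INDICATORS: Dict[str, str] = {
    "COR_ENABLE_PROFILING": "reads the CLR profiler environment variable (profiler detection)",
    "IsDebuggerPresent": "Win32 debugger presence check",
    "OutputDebugString": "OutputDebugString-based debugger check",
    "IsLogging": "System.Diagnostics.Debugger.IsLogging() check",
}


def find_indicators(data: bytes) -> Dict[str, List[str]]:
    """Return {indicator: [encodings in which it was found]} for each indicator present."""
    hits: Dict[str, List[str]] = {}
    for name in INDICATORS:
        encodings = []
        # Member/import names live as ASCII in the #Strings heap.
        if name.encode("ascii") in data:
            encodings.append("ascii")
        # C# string literals live as UTF-16LE in the #US heap.
        if name.encode("utf-16-le") in data:
            encodings.append("utf-16le")
        if encodings:
            hits[name] = encodings
    return hits


def triage(data: bytes) -> dict:
    """Summarise the indicator hits; two or more distinct checks is a strong signal."""
    hits = find_indicators(data)
    return {
        "hits": hits,
        "score": len(hits),
        "anti_analysis_likely": len(hits) >= 2,
    }


# Constructed sample bytes (NOT a real binary): an ASCII #Strings-style run of
# import names followed by a UTF-16LE #US-style literal, as a .NET file would have.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"kernel32.dll\x00IsDebuggerPresent\x00OutputDebugStringW\x00"
    + b"Debugger\x00IsLogging\x00"
    + "COR_ENABLE_PROFILING".encode("utf-16-le") + b"\x00\x00"
)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    result = triage(blob)
    for name, encs in result["hits"].items():
        print(f"{name:22} [{', '.join(encs)}]  {INDICATORS[name]}")
    print(f"score={result['score']} anti_analysis_likely={result['anti_analysis_likely']}")
```

Run it with a file path to scan a sample, or with no arguments to scan the constructed bytes. The score is a heuristic only: IsLogging in particular is a short name that benign assemblies can contain, so treat the result as a triage lead to confirm in a disassembler, not as a verdict.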
Predecessor of Parrot Stealer?

  • The same threat actor made a post shortly after the release of MiniStealer in which he was seen selling the Parrot Stealer builder and panel for $50.
  • He claimed that Parrot Stealer is a modified version of MiniStealer.
Conclusion

The availability of free malware builders and panels helps threat actors churn out successful attacks in less time. With the stealer targeting various Windows operating systems, the threat cannot be underestimated. It also sets a bad precedent for other bad actors to promote builders and panels for free in the future and so encourage cyberattacks.
Cyware Publisher