MiniFast Propose Change

Actor(s): UNC1549

According to Check Point Research, "MiniFast" is a 64-bit Windows DLL backdoor that appears to be under active development and shows multiple signs of AI-assisted coding, including verbose error handling, modular organization, and descriptive function naming. It is designed for long-term access and remote administration, using a structured command-and-control protocol with host registration, task polling, and result reporting capabilities.
MiniFast performs basic system reconnaissance and supports a broad set of post-compromise functions, including file and directory management, command execution, process enumeration and termination, file transfer, archive creation, and dynamic loading of additional code modules. The malware can also modify its communication timing based on operator instructions and execute tasks through an opcode-driven command framework.
It incorporates execution-chain validation and anti-analysis checks to ensure it is running in an expected environment before activating. It is commonly deployed through multi-stage infection chains that abuse legitimate .NET application functionality and trusted software execution flows to blend into normal system activity and establish persistence.

References

There is no Yara-Signature yet.