Manual Static Analysis — BlackGuard / UnixStealer | Threat: CRITICAL

File Identity

SHA256        0d6f87aa18262050daa0eabad676c549459b8e8722a3e5f1c4b9d2e7f0a6b3c8
File name     Build.exe
Size          303,617 bytes
String count  3,520

Developer PDB Trace

C:\Users\brtig\OneDrive\Desktop\Src\UnixStealer\UnixStealer\obj\Release\UnixStealer.pdb
-- Username: brtig
-- Project name: UnixStealer (a misleading name for Windows malware)

Telegram C2 -- VERIFIED

https://api.telegram.org/bot[TOKEN]/sendMessage
-- Bot token + sendMessage = Telegram bot C2!

Other IOCs

http://ip-api.com/line/         -- GeoIP location lookup
https://api.vimeworld.ru/user/  -- Russian Minecraft API (possible C2)
bhf.io                          -- Reference to a Russian cybercrime forum
GrabCookies                     -- Cookie theft module
UnixStealer.Edge / EdgePath     -- Edge browser target

IOC

SHA256  0d6f87aa18262050daa0eabad676c549459b8e8722a3e5f1c4b9d2e7f0a6b3c8
C2      Telegram Bot (api.telegram.org)
PDB     brtig / UnixStealer

BlackGuard — Malware Profile

BlackGuard: .NET MaaS stealer, first seen 2022. $200/month. Targets 22+ crypto wallets. Sold on the Russian dark web.

Malware Type          Infostealer
Programming Language  C#/.NET
C2 Protocol           HTTP
Target Systems        Windows

Technical Details

.NET, HTTPS C2 (Telegram/Discord dead-drop C2 also supported), browser stealer, crypto wallet stealer, VPN/FTP stealer, Discord/Steam token theft, USB propagation, clipper, screenshot capture

Capabilities & Behavior

Browser Credentials
Cookie Theft
Crypto Wallet Theft
System Information
Screenshot Capture
FTP/SSH Client Passwords
Email Client Theft
Data Exfiltration

IOC List (1 indicator)

IOC — BlackGuard

Type    Value                                                             Note
sha256  0d6f87aa18262050daa0eabad676c549459b8e8722a3e5f1c4b9d2e7f0a6b3c8  —

C2 Servers (2 recorded servers for this family)

Address          Type    Port  Protocol  Status    Country
blackguard.shop  domain  443   HTTPS     active    —
5.182.86.125     ip      1337  TCP       inactive  RU

C2 addresses are provided only from malware samples manually verified by the KEYDAL team. Commercial use is prohibited.

Tags
blackguard, unixstealer, telegram-c2, pdb-brtig, bhf-forum, geolocation