Yep, it’s called BrainDamage

BrainDamage is a fully featured python based backdoor that uses Telegram as C&C server.

It is a hypothetical evolution of backdoor (very unlikely, from my point of view), so it’s a good idea to analyze its source code and its behavior.

Features

  • #whoisonline- list active slaves This command will list all the active slaves.
  • #destroy- delete&clean up This command will remove the stub from host and will remove registry entries.
  • #cmd- execute command on CMD Run shell commands on host
  • #download- url (startup, desktop, default) This will download files in the host computer.
  • #execute- shutdown, restart, logoff, lock Execute the following commands
  • #screenshot- take screenshot Take screenshot of the host of computer.
  • #send- passwords, drivetree, driveslist, keystrokes, openwindows This command will sends passwords (saved browser passwords, FTP, Putty..), directory tree of host (upto level 2), logged keystrokes and windows which are currently open
  • #set- email (0:Default,1:URL,2:Update), filename (0: Itself, 1: Others), keystrokes (text) This command can set email template (default, download from url, update current template with text you’ll send), rename filenames or insert keystrokes in host.
  • #start- website (URL), keylogger, recaudio (time), webserver (Port), spread This command can open website, start keylogger, record audio, start webserver, USB Spreading
  • #stop- keylogger, webserver This command will stop keylogger or webserver
  • #wallpaper- change wallpaper (URL) Changes wallpaper of host computer
  • #find- openports (host, threads, ports), router This command will find open ports and the router the host is using
  • #help- print this usage

Installation

The setup is pretty simple:

First, install some requirements:

  • Telepot
  • PyAudio
  • PyCyrpto
  • Pyasn1
  • Pillow
  • Install PyHook
  • Install PyWin32
  • Install Microsoft Visual C++ Compiler for Python
  • Install PyInstaller

Then, starts the installation

  • Telegram setup: - Install Telegram app and search for “BOTFATHER”. - Type /help to see all possible commands. - Click on or type /newbot to create a new bot. - Name your bot. - You should see a new API token generated for it.
  • Dedicated Gmail account. Remember to check “allow connection from less secure apps” in gmail settings.
  • Set access_token in eclipse.py to token given by the botfather.
  • Set CHAT_ID in eclipse.py. Send a message from the app and use the telegram api to get this chat id.

bot.getMe() will give output {‘first_name’: ‘Your Bot’, ‘username’: ‘YourBot’, ‘id’: 123456789}

  • Set copied_startup_filename in Eclipse.py.
  • Set Gmail password and Username in /Breathe/SendData.py

More information and downloads