Seriously? A backdoor that uses Telegram as C&C server?
Yep, it’s called BrainDamage
BrainDamage is a fully featured Python-based backdoor that uses Telegram as its C&C server.
It is a hypothetical evolution of the backdoor (very unlikely, from my point of view), so it is a good idea to analyze its source code and its behaviour.
Features
- #whoisonline - list active slaves
  This command will list all the active slaves.
- #destroy - delete & clean up
  This command will remove the stub from the host and will remove its registry entries.
- #cmd - execute command on CMD
  Runs shell commands on the host.
- #download - url (startup, desktop, default)
  This will download files onto the host computer.
- #execute - shutdown, restart, logoff, lock
  Executes one of the listed commands.
- #screenshot - take screenshot
  Takes a screenshot of the host computer.
- #send - passwords, drivetree, driveslist, keystrokes, openwindows
  This command will send passwords (saved browser passwords, FTP, PuTTY...), the directory tree of the host (up to level 2), logged keystrokes and the windows which are currently open.
- #set - email (0: Default, 1: URL, 2: Update), filename (0: Itself, 1: Others), keystrokes (text)
  This command can set the email template (default, download from URL, update the current template with the text you'll send), rename filenames or insert keystrokes on the host.
- #start - website (URL), keylogger, recaudio (time), webserver (Port), spread
  This command can open a website, start the keylogger, record audio, start a webserver or start USB spreading.
- #stop - keylogger, webserver
  This command will stop the keylogger or the webserver.
- #wallpaper - change wallpaper (URL)
  Changes the wallpaper of the host computer.
- #find - openports (host, threads, ports), router
  This command will find open ports and the router the host is using.
- #help
  Prints this usage.
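The command channel described above leaves a concrete network artifact for defenders: the stub has to reach the Telegram Bot API over HTTPS (URLs of the form api.telegram.org/bot<token>/<method>) to fetch commands and to upload what it collected, while ordinary Telegram clients never use those URLs. The script below is an added example, not code from BrainDamage or from the original post; it assumes a simple whitespace-separated proxy log (timestamp, client IP, HTTP method, URL), assumes the stub polls getUpdates the way Telepot's message loop does, and uses only constructed addresses and tokens.

```python
"""Flag hosts in a proxy log that talk to the Telegram Bot API (the BrainDamage C&C channel)."""
import re
from collections import defaultdict

# Constructed sample proxy log (not real traffic): "timestamp client_ip method url"
SAMPLE_LOG = """\
2024-01-10T09:00:00 10.0.0.5 GET https://api.telegram.org/bot123456789:AAFakeTokenForIllustrationOnly0000/getUpdates
2024-01-10T09:00:02 10.0.0.5 GET https://api.telegram.org/bot123456789:AAFakeTokenForIllustrationOnly0000/getUpdates
2024-01-10T09:00:04 10.0.0.5 POST https://api.telegram.org/bot123456789:AAFakeTokenForIllustrationOnly0000/sendPhoto
2024-01-10T09:00:06 10.0.0.5 POST https://api.telegram.org/bot123456789:AAFakeTokenForIllustrationOnly0000/sendDocument
2024-01-10T09:01:00 10.0.0.7 GET https://web.telegram.org/
2024-01-10T09:02:00 10.0.0.9 POST https://api.telegram.org/bot987654321:AAOtherFakeToken0000000000000000000/sendMessage
"""

# Bot API calls look like /bot<token>/<method>; the token is "<numeric bot id>:<secret>".
# Only a process acting *as a bot* uses these URLs; the normal Telegram client does not.
BOT_API_RE = re.compile(r"https?://api\.telegram\.org/bot(\d+):([A-Za-z0-9_-]+)/(\w+)")
UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendAudio", "sendVoice", "sendVideo"}


def find_bot_api_hosts(log_text):
    """Return {client_ip: summary} for every client that called the Bot API.

    'polls' counts getUpdates calls (a stub fetching operator commands), 'uploads'
    counts file-sending methods (screenshots, password dumps, recordings leaving
    the host) and 'other' counts the remaining methods such as sendMessage.
    """
    stats = defaultdict(lambda: {"bot_ids": set(), "polls": 0, "uploads": 0, "other": 0})
    for line in log_text.splitlines():
        _ts, client_ip, _http_method, url = line.split(maxsplit=3)
        m = BOT_API_RE.search(url)
        if not m:
            continue  # not a Bot API call (e.g. the web client)
        bot_id, _secret, api_method = m.groups()
        entry = stats[client_ip]
        entry["bot_ids"].add(bot_id)  # keep the bot id for correlation, never the secret
        if api_method == "getUpdates":
            entry["polls"] += 1
        elif api_method in UPLOAD_METHODS:
            entry["uploads"] += 1
        else:
            entry["other"] += 1
    return {ip: {**s, "bot_ids": sorted(s["bot_ids"])} for ip, s in stats.items()}


if __name__ == "__main__":
    for ip, summary in find_bot_api_hosts(SAMPLE_LOG).items():
        print(ip, summary)
```

Any workstation that appears in the result deserves a look, since end users have no reason to hold a bot token; repeated polling plus uploads from one host is the pattern the feature list above would produce.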
Installation
The setup is pretty simple:
First, install some requirements:
- Telepot
- PyAudio
- PyCrypto
- Pyasn1
- Pillow
- Install PyHook
- Install PyWin32
- Install Microsoft Visual C++ Compiler for Python
- Install PyInstaller
Then start the installation:
- Telegram setup:
  - Install the Telegram app and search for "BOTFATHER".
  - Type /help to see all possible commands.
  - Click on or type /newbot to create a new bot.
  - Name your bot.
  - You should see a new API token generated for it.
- Dedicated Gmail account. Remember to check "allow connection from less secure apps" in the Gmail settings.
- Set access_token in eclipse.py to the token given by the BotFather.
- Set CHAT_ID in eclipse.py. Send a message from the app and use the Telegram API to get this chat id.
  bot.getMe() will give output {'first_name': 'Your Bot', 'username': 'YourBot', 'id': 123456789}
- Set copied_startup_filename in Eclipse.py.
- Set the Gmail password and username in /Breathe/SendData.py
More information and downloads
https://github.com/mehulj94/BrainDamage