Seriously? A backdoor that uses Telegram as C&C server?

Yep, it’s called BrainDamage


BrainDamage is a fully featured Python-based backdoor that uses Telegram as its C&C server.

It is presented as a hypothetical evolution of the backdoor (a very unlikely one, from my point of view), so it is a good idea to analyze its source code and its behaviour.


Features


  • #whoisonline - list active slaves
    This command lists all the active slaves.
  • #destroy - delete & clean up
    This command removes the stub from the host and removes its registry entries.
  • #cmd - execute command on CMD
    Runs shell commands on the host.
  • #download - url (startup, desktop, default)
    Downloads files to the host computer.
  • #execute - shutdown, restart, logoff, lock
    Executes one of the listed commands.
  • #screenshot - take screenshot
    Takes a screenshot of the host computer.
  • #send - passwords, drivetree, driveslist, keystrokes, openwindows
    This command sends passwords (saved browser passwords, FTP, PuTTY, ...), the directory tree of the host (up to level 2), the list of drives, logged keystrokes and the windows that are currently open.
  • #set - email (0: Default, 1: URL, 2: Update), filename (0: Itself, 1: Others), keystrokes (text)
    This command can set the email template (default, download from a URL, or update the current template with the text you send), rename files, or inject keystrokes on the host.
  • #start - website (URL), keylogger, recaudio (time), webserver (Port), spread
    This command can open a website, start the keylogger, record audio, start the web server, or start USB spreading.
  • #stop - keylogger, webserver
    This command stops the keylogger or the web server.
  • #wallpaper - change wallpaper (URL)
    Changes the wallpaper of the host computer.
  • #find - openports (host, threads, ports), router
    This command finds open ports and the router the host is using.
  • #help -
    Prints this usage text.

Installation

The setup is pretty simple:

First, install some requirements:

Then start the installation:

  • Telegram setup:
    – Install Telegram app and search for “BOTFATHER”.
    – Type /help to see all possible commands.
    – Click on or type /newbot to create a new bot.
    – Name your bot.
    – You should see a new API token generated for it.
  • A dedicated Gmail account. Remember to check “allow connection from less secure apps” in the Gmail settings.
  • Set access_token in eclipse.py to the token given by the BotFather.
  • Set CHAT_ID in eclipse.py. Send a message from the app and use the Telegram API to get this chat ID.

bot.getMe() will give output like {'first_name': 'Your Bot', 'username': 'YourBot', 'id': 123456789}

  • Set copied_startup_filename in Eclipse.py.
  • Set the Gmail username and password in /Breathe/SendData.py
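The setup above makes the detection angle clear: every command the operator sends is fetched, and every result is uploaded, through Telegram's Bot API at api.telegram.org, with the bot token sitting in the URL path (/bot&lt;token&gt;/&lt;method&gt;). As an added example (not code from the original post or from the BrainDamage project), here is a small Python scanner that looks for that pattern in outbound proxy logs. The log format, the client addresses and the bot tokens below are constructed for the example; the host name, the token shape and the method names are Telegram's real Bot API conventions.

```python
import re
from urllib.parse import urlsplit

# Every Telegram bot, benign or malicious, talks to this host.
BOT_API_HOST = "api.telegram.org"

# Bot tokens look like "<numeric bot id>:<secret>" and appear in the URL path as
# /bot<token>/<method>.  The secret is a fixed-length alphanumeric string (35
# characters in practice); the pattern is kept slightly loose on purpose.
BOT_PATH_RE = re.compile(r"^/bot(\d+):([A-Za-z0-9_-]{30,50})/([A-Za-z]+)")

# A backdoor needs two kinds of calls: polling for operator commands and
# pushing collected data out.  A normal Telegram desktop/mobile client speaks
# MTProto to Telegram's data centres and never calls the Bot API at all.
POLL_METHODS = {"getUpdates"}
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto", "sendAudio"}

# Constructed proxy log sample: "<client> <http method> <url> <status>".
# Both tokens below are placeholders, not real credentials.
SAMPLE_LOG = """\
10.0.0.12 GET https://api.telegram.org/bot123456789:AAHxEXAMPLEtoken0000000000000000000/getUpdates 200
10.0.0.12 POST https://api.telegram.org/bot123456789:AAHxEXAMPLEtoken0000000000000000000/sendDocument 200
10.0.0.44 GET https://www.example.com/index.html 200
10.0.0.12 GET https://api.telegram.org/bot123456789:AAHxEXAMPLEtoken0000000000000000000/getUpdates 200
10.0.0.51 POST https://api.telegram.org/bot987654321:AAHxEXAMPLEtoken1111111111111111111/sendPhoto 200
"""


def parse_line(line):
    """Return (client, http_method, url, status) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    return parts[0], parts[1], parts[2], parts[3]


def classify_request(url):
    """Return (bot_id, api_method) if url is a Telegram Bot API call, else None.

    Only the numeric bot id is returned; the secret half of the token is never
    copied into findings or logs.
    """
    u = urlsplit(url)
    if u.hostname != BOT_API_HOST:
        return None
    m = BOT_PATH_RE.match(u.path)
    if not m:
        return None
    return m.group(1), m.group(3)


def scan_proxy_log(text):
    """Aggregate Bot API activity per client: bot ids seen, polls and exfil calls."""
    findings = {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        client, _, url, _ = rec
        hit = classify_request(url)
        if hit is None:
            continue
        bot_id, method = hit
        f = findings.setdefault(client, {"bot_ids": set(), "polls": 0, "exfil": 0, "other": 0})
        f["bot_ids"].add(bot_id)
        if method in POLL_METHODS:
            f["polls"] += 1
        elif method in EXFIL_METHODS:
            f["exfil"] += 1
        else:
            f["other"] += 1
    return findings


def suspicious_clients(findings):
    """Hosts that both poll getUpdates and upload data: the backdoor's traffic shape."""
    return sorted(c for c, f in findings.items() if f["polls"] > 0 and f["exfil"] > 0)


if __name__ == "__main__":
    results = scan_proxy_log(SAMPLE_LOG)
    for client, f in sorted(results.items()):
        print(f"{client}: bots={sorted(f['bot_ids'])} polls={f['polls']} exfil={f['exfil']}")
    print("suspicious:", suspicious_clients(results))
```

The useful signal is the combination: an end-user workstation that calls getUpdates is acting as a bot server, which no legitimate Telegram client does, and pairing that with sendDocument or sendPhoto uploads matches the #send and #screenshot features described above. Hosts that only upload (10.0.0.51 in the sample) still deserve a look but could be a legitimate notification script, so they are reported separately rather than flagged.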

More information and downloads

https://github.com/mehulj94/BrainDamage
