BrainDamage – A fully featured backdoor that uses Telegram as a C&C server

A python based backdoor which uses Telegram as C&C server.

Setup

• Telegram setup:
  • Install Telegram app and search for “BOTFATHER”.
  • Type /help to see all possible commands.
  • Click on or type /newbot to create a new bot.
  • Name your bot.
  • You should see a new API token generated for it.
• Dedicated Gmail account. Remember to check “allow connection from less secure apps” in gmail settings.
• Set access_token in eclipse.py to token given by the botfather.
• Set CHAT_ID in eclipse.py. Send a message from the app and use the telegram api to get this chat id.

bot.getMe() will give output {‘first_name’: ‘Your Bot’, ‘username’: ‘YourBot’, ‘id’: 123456789}

• Set copied_startup_filename in Eclipse.py.
• Set Gmail password and Username in /Breathe/SendData.py

Abilities

• whoisonline- list active slaves
  

  This command will list all the active slaves.

• destroy- delete&clean up
  

  This command will remove the stub from host and will remove registry entries.

• cmd- execute command on CMD
  

  Run shell commands on host

• download- url (startup, desktop, default)
  

  This will download files in the host computer.

• execute- shutdown, restart, logoff, lock
  

  Execute the following commands

• screenshot- take screenshot
  

  Take screenshot of the host of computer.

• send- passwords, drivetree, driveslist, keystrokes, openwindows
  

  This command will sends passwords (saved browser passwords, FTP, Putty..), directory tree of host (upto level 2), logged keystrokes and windows which are currently open

• set- email (0:Default,1:URL,2:Update), filename (0: Itself, 1: Others), keystrokes (text)
  

  This command can set email template (default, download from url, update current template with text you’ll send), rename filenames or insert keystrokes in host.

• start- website (URL), keylogger, recaudio (time), webserver (Port), spread
  

  This command can open website, start keylogger, record audio, start webserver, USB Spreading

• stop- keylogger, webserver
  

  This command will stop keylogger or webserver

• wallpaper- change wallpaper (URL)
  

  Changes wallpaper of host computer

• find- openports (host, threads, ports), router
  

  This command will find open ports and the router the host is using

• help- print this usage

Requirements

• Telepot
• PyAudio
• PyCyrpto
• Pyasn1
• Pillow
• Install PyHook
• Install PyWin32
• Install Microsoft Visual C++ Compiler for Python
• Install PyInstaller

Screenshots