BrainDamage – A fully featured backdoor that uses Telegram as a C&C server

A python based backdoor which uses Telegram as C&C server.


  • Telegram setup:
    • Install Telegram app and search for “BOTFATHER”.
    • Type /help to see all possible commands.
    • Click on or type /newbot to create a new bot.
    • Name your bot.
    • You should see a new API token generated for it.
  • Dedicated Gmail account. Remember to check “allow connection from less secure apps” in gmail settings.
  • Set access_token in to token given by the botfather.
  • Set CHAT_ID in Send a message from the app and use the telegram api to get this chat id.

bot.getMe() will give output {‘first_name’: ‘Your Bot’, ‘username’: ‘YourBot’, ‘id’: 123456789}

  • Set copied_startup_filename in
  • Set Gmail password and Username in /Breathe/


  • whoisonline- list active slaves

    This command will list all the active slaves.

  • destroy- delete&clean up

    This command will remove the stub from host and will remove registry entries.

  • cmd- execute command on CMD

    Run shell commands on host

  • download- url (startup, desktop, default)

    This will download files in the host computer.

  • execute- shutdown, restart, logoff, lock

    Execute the following commands

  • screenshot- take screenshot

    Take screenshot of the host of computer.

  • send- passwords, drivetree, driveslist, keystrokes, openwindows

    This command will sends passwords (saved browser passwords, FTP, Putty..), directory tree of host (upto level 2), logged keystrokes and windows which are currently open

  • set- email (0:Default,1:URL,2:Update), filename (0: Itself, 1: Others), keystrokes (text)

    This command can set email template (default, download from url, update current template with text you’ll send), rename filenames or insert keystrokes in host.

  • start- website (URL), keylogger, recaudio (time), webserver (Port), spread

    This command can open website, start keylogger, record audio, start webserver, USB Spreading

  • stop- keylogger, webserver

    This command will stop keylogger or webserver

  • wallpaper- change wallpaper (URL)

    Changes wallpaper of host computer

  • find- openports (host, threads, ports), router

    This command will find open ports and the router the host is using

  • help- print this usage








%d bloggers like this: