Posted by d3k0y on 2017-03-26 17:09:43

A python based backdoor which uses Telegram as C&C server.

Features
- Persistence
- USB spreading
- Port scanner
- Router finder
- Run shell commands
- Keylogger
- Insert keystrokes
- Record audio
- Webserver
- Screenshot logging
- Download files onto the host
- Execute shutdown, restart, logoff, lock
- Send drive tree structure
- Set email template
- Rename files
- Change wallpaper
- Open website
- Send passwords for Chrome, Mozilla, Filezilla, Core FTP, CyberDuck, FTPNavigator, WinSCP, Outlook, Putty, Skype, Generic Network
- Cookie stealer
- Send active windows
- Gather system information: drives list, internal and external IP, ipconfig /all output, platform

- Coded by: Mehul Jain ([email protected])
- Github: https://github.com/mehulj94
- Twitter: https://twitter.com/wayfarermj
- For Windows only

Setup
Telegram setup:
1. Install the Telegram app and search for "BOTFATHER".
2. Type /help to see all possible commands.
3. Click on or type /newbot to create a new bot.
4. Name your bot. You should see a new API token generated for it.
5. Dedicated Gmail account. Remember to check "allow connection from less secure apps" in Gmail settings.
6. Set access_token in eclipse.py to the token given by the BotFather.
7. Set CHAT_ID in eclipse.py. Send a message from the app and use the Telegram API to get this chat id. bot.getMe() will give output {'first_name': 'Your Bot', 'username': 'YourBot', 'id': 123456789}
8. Set copied_startup_filename in Eclipse.py.
9. Set Gmail password and username in /Breathe/SendData.py

Usage
Run eclipse.py on the host. On first run:
- Files will be copied to the startup path
- A registry entry will be made
- A warning message will appear that the file is corrupted
- Folders will be made and set to hidden state
- Passwords and cookies will be sent
- Timestamps will be changed
Control the host from the Telegram app by sending commands.
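The first-run behaviour listed above (copy to the startup path, a registry entry, hidden folders, changed timestamps, traffic to the Telegram Bot API and to Gmail) is what a defender can correlate on the endpoint. The script below is an added example, not code from this README or from the project: it scores a small set of constructed endpoint events per process and raises an alert when several of those indicators line up on one process. The event field names, the per-user Run key (the README only says "registry entry"), the hostnames api.telegram.org (used by the Telegram Bot API that Telepot talks to) and smtp.gmail.com, and the list of processes for which that traffic is expected are all assumptions made for the example.

```python
"""Added example: correlate the host indicators described in the README
(startup-folder copy, registry run entry, hidden folders, timestamp changes,
Telegram Bot API and Gmail SMTP traffic from an unexpected process) across
endpoint events keyed by process id.

The event records and their field names are constructed for this example and
are modelled loosely on Sysmon-style telemetry; they are not the output of
any specific product.
"""
from dataclasses import dataclass, field
import re

# Telepot uses the Telegram Bot API at api.telegram.org; the README's Gmail
# exfiltration implies smtp.gmail.com. Both hostnames are assumptions here.
C2_HOSTS = {"api.telegram.org"}
EXFIL_HOSTS = {"smtp.gmail.com"}

# Processes for which Telegram/Gmail traffic is expected on this host;
# anything else talking to those hosts is suspicious. Assumed baseline.
EXPECTED_MESSAGING_IMAGES = {"telegram.exe", "outlook.exe"}

STARTUP_RE = re.compile(r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\", re.I)
# Assumption: the per-user Run key; the README only says a registry entry is made.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)


@dataclass
class Finding:
    pid: int
    image: str
    reasons: list = field(default_factory=list)
    score: int = 0


def evaluate(events):
    """Return a dict pid -> Finding for every process that trips at least one rule."""
    findings = {}

    def hit(ev, points, reason):
        f = findings.setdefault(ev["pid"], Finding(ev["pid"], ev["image"]))
        f.score += points
        f.reasons.append(reason)

    for ev in events:
        kind = ev["type"]
        image_name = ev["image"].rsplit("\\", 1)[-1].lower()
        if kind == "file_create" and STARTUP_RE.search(ev["target"]):
            hit(ev, 3, f"wrote to Startup folder: {ev['target']}")
        elif kind == "registry_set" and RUN_KEY_RE.search(ev["target"]):
            hit(ev, 3, f"set Run key value: {ev['target']}")
        elif kind == "file_attrib" and "hidden" in ev.get("attrs", ()):
            hit(ev, 1, f"set hidden attribute on {ev['target']}")
        elif kind == "file_timestamp":
            hit(ev, 2, f"changed timestamps on {ev['target']}")
        elif kind == "net_connect":
            host = ev["host"].lower()
            if host in C2_HOSTS and image_name not in EXPECTED_MESSAGING_IMAGES:
                hit(ev, 4, f"{image_name} connected to Telegram Bot API ({host})")
            elif host in EXFIL_HOSTS and image_name not in EXPECTED_MESSAGING_IMAGES:
                hit(ev, 3, f"{image_name} connected to Gmail SMTP ({host})")
    return findings


def alerts(events, threshold=6):
    """Findings whose combined score reaches the threshold, highest score first."""
    return sorted((f for f in evaluate(events).values() if f.score >= threshold),
                  key=lambda f: -f.score)


# Constructed sample events: one python.exe process showing the README's
# first-run behaviour, plus the Telegram desktop client talking to its own API,
# which must not alert.
SAMPLE_EVENTS = [
    {"type": "file_create", "pid": 4242, "image": r"C:\Python27\python.exe",
     "target": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.exe"},
    {"type": "registry_set", "pid": 4242, "image": r"C:\Python27\python.exe",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svc"},
    {"type": "file_attrib", "pid": 4242, "image": r"C:\Python27\python.exe",
     "target": r"C:\Users\alice\AppData\Local\.data", "attrs": ("hidden",)},
    {"type": "file_timestamp", "pid": 4242, "image": r"C:\Python27\python.exe",
     "target": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.exe"},
    {"type": "net_connect", "pid": 4242, "image": r"C:\Python27\python.exe",
     "host": "api.telegram.org", "port": 443},
    {"type": "net_connect", "pid": 4242, "image": r"C:\Python27\python.exe",
     "host": "smtp.gmail.com", "port": 587},
    {"type": "net_connect", "pid": 900, "image": r"C:\Program Files\Telegram\Telegram.exe",
     "host": "api.telegram.org", "port": 443},
]

if __name__ == "__main__":
    for f in alerts(SAMPLE_EVENTS):
        print(f"pid {f.pid} ({f.image}) score={f.score}")
        for r in f.reasons:
            print("  -", r)
```

Scoring per process rather than alerting on each event on its own is the point: a single Startup-folder write or a single connection to api.telegram.org is common on a workstation, but one interpreter process doing both, plus a Run key write and timestamp changes, is the pattern this README describes. The threshold and weights are illustrative and should be tuned against the telemetry actually collected.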

Abilities
- whoisonline: list active slaves. This command will list all the active slaves.
- destroy: delete & clean up. This command will remove the stub from the host and will remove the registry entries.
- cmd: execute command on CMD. Run shell commands on the host.
- download: url (startup, desktop, default). This will download files onto the host computer.
- execute: shutdown, restart, logoff, lock. This is to mess with the host 😀 or to refresh if things are not working properly.
- screenshot: take screenshot. Takes a screenshot of the host computer.
- send: passwords, drivetree, driveslist, keystrokes, openwindows. This command will send passwords (saved browser passwords, FTP, Putty, ...), the directory tree of the host (up to level 2), logged keystrokes and the windows which are currently open.
- set: email (0: Default, 1: URL, 2: Update), filename (0: Itself, 1: Others), keystrokes (text). This command can set the email template (default, download from URL, update the current template with text you'll send), rename files, and insert keystrokes on the host 😀
- start: website (URL), keylogger, recaudio (time), webserver (Port), spread. This command can open a website, start the keylogger, record audio, start the webserver, or start USB spreading.
- stop: keylogger, webserver. This command will stop the keylogger or the webserver.
- wallpaper: change wallpaper (URL). Changes the wallpaper of the host computer.
- find: openports (host, threads, ports), router. This command will find open ports and the router the host is using.
- help: print this usage.

Requirements
- Telepot
- PyAudio
- PyCrypto
- Pyasn1
- Pillow
- Install PyHook
- Install PyWin32
- Install Microsoft Visual C++ Compiler for Python
- Install PyInstaller