█▀▀█ █▀▀█ ▀▀█▀▀
█▄▄▀ █▄▄█ █
█ █ █ █ █
▀▀█▀▀ █▀▀ █ █▀▀ █▀▀▀ █▀▀█ █▀▀█ █▀▄▀█ █▀▀▀█ █▀▀█ █ █ █▀▀█ █▀▀█ ▀▀█▀▀
█ █▀▀ █ █▀▀ █ ▀█ █▄▄▀ █▄▄█ █ ▀ █ ▀▀▀▄▄ █ █ █▄▄█ █▀▀▄ █ █ █
█ ▀▀▀ ▀▀▀ ▀▀▀ ▀▀▀▀ ▀ ▀▀ ▀ ▀ ▀ ▀ █▄▄▄█ █▀▀▀ ▄▄▄█ █▄▄█ ▀▀▀▀ ▀
- Developed by:
SebastianEPH
- Product name:
RAT Telegram Spy Bot
- Type software:
Remote Administration Tool
- File version:
1.0
- Architecture:
x86 bits || x64 bits
- State:
No verificado [Posible Fallos]
- Size:
400KB aprox
- Undetectable:
Not Tester
<< No Verificado - Plataform:
Windows 7, 8.1, 10
- Programming language:
C#.net Framework - Console
- Licence:
MIT
- IDE or text editor:
Visual Studio Comunity 2019
- Documentation date:
20/05/2020
- Description:
Remote access Trojan, spies and obtains information from the infected pc, controlled by telegram commands.
Show a message only if the infected PC is online
Shows detailed information of the infected PC
It shows default system folders where there can be: [Images] [Photos] [Documents] [Music] and gets them, the process can take many minutes
In case you can't find the folder, show a message a controlled exception
- Write the command plus the file path with extension.
- The accepted file extensions are as follows, the file must not exceed 50MB
string[] video = { "gif", "mp4", "avi", "div", "m4v", "mov", "mpg", "mpeg", "qt", "wmv", "webm", "flv", "3gp" }; string[] audio = { "midi", "mp1", "mp2", "mp3", "wma", "ogg", "au", "m4a" }; string[] doc = { "doc", "docx", "txt", "log", "ppt", "pptx", "pdf" }; string[] imagen = { "jpg", "jpeg", "png", "bmp", "ico", "jpe", "jpe" }; string[] system = { "ani", "bat", "bfc", "bkf", "blg", "cat", "cer", "cfg", "chm", "chk", "clp", "cmd", "cnf", "com", "cpl", "crl", "crt", "cur", "dat", "db", "der", "dll", "drv", "ds", "dsn" , "dun","exe","fnd","fng","fon","grp","hlp","ht","inf","ini","ins","isp","job","key","lnk","msi","msp","msstyles", "nfo","ocx","otf","p7c","pfm","pif","pko","pma","pmc","pml","pmr","pmw","pnf","psw","qds","rdp","reg","scf","scr","sct","shb","shs","sys","theme", "tmp","ttc","ttf","udl","vxd","wab","wmdb","wme","wsc","wsf","wsh","zap"};
NOTE: Do not enclose path in double or single quotes
Only list subfolders of a drive
Example: /Dir
C:\User\Photos and videos
NOTE: Do not enclose path in double or single quotes
It will show all files folders and subfolders within the specified path, plus each file found is detailed.
As the previous command only lists specific folders but does not list a complete drive, this command fulfills that function. It would only be enough to select the drive, and if the drive exists it will list all the directories, otherwise it will display a message that the drive does not exist, it becomes a complete of /Dir
Developing... [No habilitado]
Show creator info.
-
We head to the following address >BotFather<
-
Create our new bot.
-
We look for our Bot, and we start it.
-
Now we get our Chat ID, this is done so that only the keylog reaches us and not anyone who finds the bot.
-
We look for the Bot called Chat ID and we get our Chat ID
-
At the end we will have our Bot Token and our Chat ID
-
In Visual Studioopen the project and go to the archive
config.cs
-
Within this file we will replace the
Chat ID
and theBot Token
-
We compiled and observed that in our telegram bot, we received a message from
==>> Computer: sebas is online <<==
NOTE: In this case it shows a console, just because I have Debug mode enabled, you should not get that console.
The compiled files are found within the project, in the following path
Path : [GitHub] RAT_BotTelegram\RAT TelegramSpyBot\bin\Debug
The main file is RAT TelegramSpyBot
NOTE: When you run the main file, it will replicate to the system and modify the system boot record, but all the files in the image are important, the RAT will not work if it is not with its plugins
How do I infect the victim?
Note: Do not rename the file RAT TelegramSpyBot.exe
, sIf you change the name, the RAT will be obsolete.
- You save the files on a USB.
- It will connect the USB to the __ [PC] __ to infect.
- It is recommended to disable the antivirus or add an exclusion in the following path:
"C:\Users\Public"
. - Next is to run the
RAT TelegramSpyBot.exe
file on the USB, the RAT will be replicated in the following path:"C:\Users\Public\RAT_Telegram"
, It is recommended not to remove the USB instantly as theRAT Telegram
will be replicating on the specified path.
Note: When executing the file, it will automatically modify the windows registry so that it always starts when you turn on the computer.
The RAT will modify the following registry path"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
therefore you will need administrator permissions, therefore it is recommended that the first execution be carried out with administrator permissions, in case you do not execute it with administrator permissions, the RAT will modify the following path"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
Explanation:
HKEY_LOCAL_MACHINE:
the RAT will run on all existing users and new computer users.HKEY_CURRENT_USER:
the RAT will only run on the current user, if another user will be created, the RAT will only work on the main user
Note: Contact me only if you found a bug or want to contribute to the repository, thanks.
Developed: by SebastianEPH