
EsotericVisage

Stealth remote administration tool using Telegram

Install / Use

/learn @JebSmith/EsotericVisage
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

EsotericVisage (oh my god... I've got so much shit going on right now. I don't know if I'll finish this... Feel free to improve I suppose...) :(

Stealth remote administration tool

+-------+
| Local |
+-------+

[EV-Installer] --+
                 | - Determine if AVs are running
                 |
                 | - DLL inject into explorer.exe
                 |
                 | - Else: extract dll and run using rundll32.exe
                 |
                 | - Set registry keys and delete installer...
+---------+      
| Network | 
+---------+              
           
[EV-Core] --+ 
            |    Use sendMessage and getUpdates for c&c
            |                     | 
            +--------------api.telegram.org-------------Telegram client

Features

  • Will support screenshots, keylogging, password recovery, download and execute, and remote command execution. No webcam capture because that's just plain creepy...
  • Will be supported on Windows XP through 10
  • Currently supports download and exec (ALL DNEXEC[url:=path]), remote command execution (ALL EXECUTE[cmd]), and get sysinfo...
  • HTTPS traffic using WinHTTP...
  • Removed base64... Meh
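
For defenders, the design above leaves one observable pairing: explorer.exe or rundll32.exe resolving api.telegram.org. The check below is an added example, not code from this project; it assumes DNS telemetry shaped like Sysmon Event ID 22 (DnsQuery) records, and the sample events and function names are constructed for illustration.

```python
# Added defensive example: flag DNS lookups of the Telegram Bot API host
# made by the two host processes the README names for the implant DLL.
C2_HOST = "api.telegram.org"
SUSPECT_IMAGES = {"explorer.exe", "rundll32.exe"}

# Constructed sample records (not real telemetry), shaped like Sysmon
# Event ID 22 (DnsQuery) reduced to the fields this check reads.
SAMPLE_EVENTS = [
    {"EventID": 22, "UtcTime": "2024-01-01 10:00:01",
     "Image": r"C:\Windows\explorer.exe", "QueryName": "api.telegram.org"},
    {"EventID": 22, "UtcTime": "2024-01-01 10:00:07",
     "Image": r"C:\Windows\System32\rundll32.exe", "QueryName": "API.Telegram.org."},
    {"EventID": 22, "UtcTime": "2024-01-01 10:01:30",
     "Image": r"C:\Users\alice\AppData\Roaming\Telegram Desktop\Telegram.exe",
     "QueryName": "api.telegram.org"},
    {"EventID": 22, "UtcTime": "2024-01-01 10:02:12",
     "Image": r"C:\Windows\explorer.exe", "QueryName": "www.msftconnecttest.com"},
    {"EventID": 3, "UtcTime": "2024-01-01 10:02:40",
     "Image": r"C:\Windows\System32\rundll32.exe", "DestinationPort": 443},
]


def image_name(path):
    """Return the lower-cased file name of a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def normalise_query(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def is_suspicious(event):
    """True for a DnsQuery event where a suspect image resolves the C2 host."""
    if event.get("EventID") != 22:
        return False
    return (normalise_query(event.get("QueryName", "")) == C2_HOST
            and image_name(event.get("Image", "")) in SUSPECT_IMAGES)


def find_hits(events):
    """Return (UtcTime, image name) for every suspicious event, in order."""
    return [(e["UtcTime"], image_name(e["Image"]))
            for e in events if is_suspicious(e)]


if __name__ == "__main__":
    for when, image in find_hits(SAMPLE_EVENTS):
        print(f"{when} {image} resolved {C2_HOST}")
```

The legitimate Telegram desktop client in the sample data is not flagged, because the match is keyed on the host process rather than on the destination alone.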

Command Structure

[TO] [TYPE][ARG1(:=ARG2(if present))]

  • Ex: ALL SYSINFO (no args required)


GitHub Stars: 9
Category: Development
Updated: 2y ago
Forks: 6

Languages

C++

Security Score

60/100

Audited on Sep 8, 2023

No findings