░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
░░░░░ ███████ ]▄▄▄▄▄▄▄▄▃ ░░░░░░░░░░░░
▂▄▅█████████▅▄▃▂░░░░░ ᵂᵉˡᶜᵒᵐᵉ ᵗᵒ ᴴᵉˡˡᶜᵃᵗ ░░░░░
I███████████████████].░░░░░░░░░░░░░░░░░
◥⊙▲⊙▲⊙▲⊙▲⊙▲⊙▲⊙◤...░░░░░░░░░░░░░░░░
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
❑ Home
/help - Show all commands.
/kill - Kill current running backdoor.
/remove - Self-Remove current backdoor.
❑ Tools
/shell, /sh <cmd> - Reverse shell from client machine.
/download <path> - Download file from client machine.
/webload <filename> <url> - Download file from website.
/screen <filename> - Screenshot client display.
/geoip <city-mmdb> - Retrieve the client geolocation from IPv4.
/registry <method> <regname> <value> <path>
--set Set registry key to client machine.
--del Delete registry key from client machine.
/browser <browser>
--dc Dumping Chrome browser database files.
--dm Dumping MS Edge browser database files.
/clipboard - Retrieve Clipboard data from client.
Hellcat is a backdoor built to infect Windows machines. It uses Telegram as a C2 server to communicate between the attacker and the client. However, it can only set one Telegram bot API per implant. This means that if you want to infect another machine, you need to build a new implant with a new Telegram bot API. It is inspired by the gcat and gdog backdoors.
To build the implant, you can simply double-click the batch file. The binary file that is used to be implanted in the target machine will be located in the "bin" folder.
To build the Telegram bot API, you can go to BotFather and ask for a new bot. Then, name your bot and choose a username for it, and you're done! If you don't know the command, you can type "/help" and it will show you a lot of useful commands.
- Telegram
- Go Compiler
- Code\Text Editor