OrionBot

OrionBot is the deployed binary of a centralized and versatile remote administration tool, making use of the Tor network to communicate with its respective server.

Setup Guide

Features

Static

• Customizable icon and install name
• Startup options: Automatic, Task, Registry, Startup folder
• Persistence
• Reinfection
• Base creation (hidden)
• Tracking of Spreading Vectors
• Anti-Virtualization
• Anti-Debugging
• Execution Delay
• Disabling Windows Defender
• Elevation
• Melting
• Torified or Standard traffic
• Encrypted and dynamic Resources
• Polymorphism

Runtime

• Basic (bot-specific) information
• Information gathering
  • System information
  • Software information
  • Passwords (LaZagne parser)
  • Discord Token grabbing
  • Files: Download, Upload, List, Open remotely
• Power: Shutdown, Reboot, Lock, Sleep, Wake
• Execution: Local File, Remote File, Command
• Elevation: Simple, Disguised, Silent
• Toggle Windows Defender protection
• Crypto mining
• Spreading
• MessageBox
• Abort command

Getting started

This section covers the recommended software and dependencies needed to compile and debug the project.

Prerequisites

Delphi environment:

• RAD Studio 10.3+

Dependencies

• LockBox 3.7 for the encryption routines
• DProcess for high-level process management (included)
• LaZagne for password recovery (runtime)
• Nanominer for crypto mining (runtime)

Installing

Clone the repository using

git clone https://github.com/Raffy27/OrionBot

Open Bot.dproj or the source file (Bot.lpr) in your IDE.

Debugging

If you're using RAD Studio, switch to the Debug Build Configuration and build the project.

Make sure the DEBUG directive is defined and the Dbg procedure in Basics.pas is working as intended.

To debug in-place (do not create a base, etc.) add a Config.ini to the current directory of OrionBot, essentially simulating a post-install second start. You can get a valid configuration file by building a new binary with OrionPanel and then extracting it from the Resources.

You can use ResourceHacker to edit/extract binary Resources.

You can use DebugView to see debug messages logged by OrionBot. A useful filter file can be found here.

Releases

For active releases and pre-compiled binaries, see Releases. For usage with the entire project, see the instructions provided in OrionServer.

License

This project is licensed under the MIT License - see the LICENSE file for details. For the dependencies, all rights belong to their respective owners. These should be used according to their respective licenses.