White Paper

New Warp Malware drops modified Stealerium Infostealer


31 pages

This technical analysis dissects Warp malware, a Go-based loader-dropper that deploys a modified Stealerium infostealer. The paper details the full infection chain, including Telegram-based command-and-control, random traffic generation for evasion, and staged payload delivery. It explains how Warp performs privilege escalation using UAC bypass techniques, disables antivirus solutions via vulnerable drivers, and establishes persistence through scheduled tasks. The study highlights modifications made to Stealerium, such as altered data exfiltration methods and removed modules, offering defenders valuable insights into modern loader-stealer ecosystems.
