Pisloader

Malware updated 5 months ago (2024-05-04T20:48:45.170Z)
Pisloader is a malware family that has been identified and named by Palo Alto Networks. The malware is delivered via HTTP, with the payload contained within an executable file named lsm.exe. Once this file is written and executed, it activates the Pisloader payload, which then starts to infect the system. A Pisloader AutoFocus tag has been created by Palo Alto Networks to track the activity of this malicious software. Pisloader employs several innovative techniques, including the use of DNS as a C2 protocol, return-oriented programming, and other anti-analysis tactics, which make it particularly challenging to detect and analyze. The malware also expects specific aspects of the DNS responses to be set in a particular way; otherwise, Pisloader ignores the DNS reply. This further complicates efforts to mitigate its effects. Further investigation has revealed similarities between Pisloader and a known HTTPBrowser sample; this similarity in metadata adds credibility to the theory that Pisloader is a variant of the HTTPBrowser malware family. Ongoing monitoring and analysis of Pisloader are crucial for developing effective countermeasures against this evolving threat.
Description last updated: 2023-11-29T00:32:25.639Z
Aliases: We are not currently tracking any aliases.
Source Document References
Information about the Pisloader malware was read from the documents corpus below.
Source: MITRE (created 2 years ago)