{
	"id": "aaff93f2-2144-47a2-9776-e6f4be6966cc",
	"created_at": "2026-04-06T00:17:16.113439Z",
	"updated_at": "2026-04-10T03:22:11.620027Z",
	"deleted_at": null,
	"sha1_hash": "5006b7723df4a0b9949190a39ec32ac54a04696c",
	"title": "Loki-Bot: Information Stealer, Keylogger, and More!",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 16667969,
	"plain_text": "Loki-Bot: Information Stealer, Keylogger, and More!\r\nBy Created by:Rob Pantazopoulos\r\nArchived: 2026-04-05 23:39:18 UTC\r\nDownload File\r\nLoki-Bot: Information Stealer, Keylogger, and More! (PDF, 9.00MB)Published: 28 Jun, 2017\r\nLoki-Bot is advertised as a Password and CryptoCoin Wallet Stealer on several hacker forums (carter, 2015)\r\n(Anonymous, 2016) (lokistov, 2015) but aside from cheap sales pitches on the black market, not much has been\r\npublished regarding the details of its characteristics and capabilities. This poses a problem to information security\r\nanalysts who require such details in order to accurately prevent and/or defend against incidents involving this\r\nmalware. The primary goal of this paper is to provide a comprehensive resource on Loki-Bot for those looking to\r\nbetter understand its inner workings and to provide contextual knowledge in support of incident response efforts.\r\nContents of this paper will focus solely on characteristics identified during code-level analysis within a debugger.\r\nBasic static and dynamic analysis of Loki-Bot will be left as an exercise for the reader.\r\nAdditional resources\r\nRelated courses\r\nSlide 1 of 18\r\nSEC275: Foundations: Computers, Technology, \u0026 Security\r\nSEC275Cyber Defense\r\nhttps://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850\r\nPage 1 of 14\n\nGIAC Foundational Cybersecurity Technologies (GFACT)\r\n 38 CPEs / 38 Hours (Self-Paced)\r\n Labs: 90 Hands-On Labs\r\nView course detailsRegister\r\nSlide 2 of 18\r\nSEC503: Network Monitoring and Threat Detection In-Depth\r\nSEC503Cyber Defense\r\n GIAC Certified Intrusion Analyst (GCIA)\r\n 6 Days (Instructor-Led)\r\n 46 CPEs / 46 Hours (Self-Paced)\r\n Labs: 37 Hands-On Labs\r\nView course detailsRegister\r\nSlide 3 of 18\r\nSEC501: Advanced Security Essentials - Enterprise Defender\r\nSEC501Cyber Defense\r\nhttps://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850\r\nPage 2 of 14\n\nGIAC Certified Enterprise Defender (GCED)\r\n 6 Days (Instructor-Led)\r\n 38 CPEs / 38 Hours (Self-Paced)\r\n Labs: 25 Hands-On Labs\r\nView course detailsRegister\r\nSlide 4 of 18\r\nSEC573: AI-Powered Security Automation: Building Tools with Python, LLMs, and MCP\r\nSEC573Cyber Defense, Artificial Intelligence\r\nhttps://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850\r\nPage 3 of 14\n\nGIAC Python Coder (GPYC)\r\n 6 Days (Instructor-Led)\r\n 36 CPEs / 36 Hours (Self-Paced)\r\n Labs: 128 Hands-On Labs\r\nView course detailsRegister\r\nSlide 5 of 18\r\nSEC497: Practical Open-Source Intelligence (OSINT)\r\nSEC497Cyber Defense\r\n GIAC Open Source Intelligence (GOSI)\r\n 6 Days (Instructor-Led)\r\n 36 CPEs / 36 Hours (Self-Paced)\r\n Labs: 29 Hands-On Labs\r\nView course detailsRegister\r\nSlide 6 of 18\r\nSEC450: SOC Analyst Training – Applied Skills for Cyber Defense Operations\r\nhttps://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850\r\nPage 4 of 14\n\nSEC450Cyber Defense\r\n GIAC Security Operations Certified (GSOC)\r\n 6 Days (Instructor-Led)\r\n 36 CPEs / 36 Hours (Self-Paced)\r\n Labs: 22 Hands-On Labs\r\nView course detailsRegister\r\nSlide 7 of 18\r\nSEC401J: Security Essentials - Network, Endpoint, and Cloud (Japanese)\r\nSEC401JCyber Defense\r\nhttps://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850\r\nPage 5 of 14\n\nGIAC Security Essentials (GSEC)\r\n 6 Days (Instructor-Led)\r\n 46 CPEs / 46 Hours\r\n Labs: 20 Hands-On Labs\r\nView course detailsRegister\r\nSlide 8 of 18\r\nSEC587: Advanced Open-Source Intelligence (OSINT) Gathering and Analysis\r\nSEC587Cyber Defense\r\nhttps://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850\r\nPage 6 of 14\n\nGIAC Strategic OSINT Analyst (GSOA)\r\n 6 Days (Instructor-Led)\r\n 36 CPEs / 36 Hours (Self-Paced)\r\n Labs: 28 Hands-On Labs\r\nView course detailsRegister\r\nSlide 9 of 18\r\nSEC411: AI Security Principles and Practices: GenAI and LLM Defense\r\nSEC411Cyber Defense, Artificial Intelligence\r\nhttps://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850\r\nPage 7 of 14\n\n18 CPEs / 18 Hours (Self-Paced)\r\n Labs: 5 Hands-On Labs\r\nView course detailsRegister\r\nSlide 10 of 18\r\nSEC511: Cybersecurity Engineering: Advanced Threat Detection and Monitoring\r\nSEC511Cyber Defense\r\n GIAC Continuous Monitoring Certification (GMON)\r\n 6 Days (Instructor-Led)\r\n 46 CPEs / 46 Hours (Self-Paced)\r\n Labs: 18 Hands-On Labs\r\nView course detailsRegister\r\nSlide 11 of 18\r\nSEC555: Detection Engineering and SIEM Analytics\r\nSEC555Cyber Defense\r\nhttps://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850\r\nPage 8 of 14\n\nGIAC Certified Detection Analyst (GCDA)\r\n 5 Days (Instructor-Led)\r\n 30 CPEs / 30 Hours (Self-Paced)\r\n Labs: 18 Hands-On Labs\r\nView course detailsRegister\r\nSlide 12 of 18\r\nSEC495: Leveraging LLMs: Building \u0026 Securing RAG, Contextual RAG, and Agentic\r\nRAG\r\nSEC495Cyber Defense, Artificial Intelligence\r\nhttps://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850\r\nPage 9 of 14\n\n7 CPEs / 7 Hours (Self-Paced)\r\nView course detailsRegister\r\nSlide 13 of 18\r\nSEC401: Security Essentials - Network, Endpoint, and Cloud\r\nSEC401Cyber Defense\r\n GIAC Security Essentials (GSEC)\r\n 6 Days (Instructor-Led)\r\n 46 CPEs / 46 Hours (Self-Paced)\r\n Labs: 20 Hands-On Labs\r\nView course detailsRegister\r\nSlide 14 of 18\r\nSEC673: Advanced Information Security Automation with Python\r\nSEC673Cyber Defense\r\nhttps://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850\r\nPage 10 of 14\n\n6 Days (Instructor-Led)\r\n 36 CPEs / 36 Hours (Self-Paced)\r\n Labs: 27 Hands-On Labs\r\nView course detailsRegister\r\nSlide 15 of 18\r\nSEC301: Introduction to Cyber Security\r\nSEC301Cyber Defense\r\nhttps://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850\r\nPage 11 of 14\n\nGIAC Information Security Fundamentals (GISF)\r\n 5 Days (Instructor-Led)\r\n 30 CPEs / 30 Hours (Self-Paced)\r\n Labs: 14 Hands-On Labs\r\nView course detailsRegister\r\nSlide 16 of 18\r\nSEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for\r\nthe Hybrid Enterprise\r\nSEC530Cyber Defense\r\n GIAC Defensible Security Architecture (GDSA)\r\n 6 Days (Instructor-Led)\r\n 36 CPEs / 36 Hours (Self-Paced)\r\n Labs: 24 Hands-On Labs\r\nView course detailsRegister\r\nSlide 17 of 18\r\nSEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals\r\nSEC595Cyber Defense, Artificial Intelligence\r\nhttps://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850\r\nPage 12 of 14\n\nGIAC Machine Learning Engineer (GMLE)\r\n 6 Days (Instructor-Led)\r\n 36 CPEs / 36 Hours (Self-Paced)\r\n Labs: 30 Hands-On Labs\r\nView course detailsRegister\r\nSlide 18 of 18\r\nSEC529: Quantum Security Readiness for Executives\r\nSEC529Cyber Defense\r\nhttps://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850\r\nPage 13 of 14\n\n1 Day (Instructor-Led)\r\n 6 CPEs / 6 Hours\r\n Labs: 3 Hands-On Labs\r\nView course detailsRegister\r\nSource: https://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850\r\nhttps://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850\r\nPage 14 of 14",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"Malpedia"
	],
	"references": [
		"https://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850"
	],
	"report_names": [
		"loki-bot-information-stealer-keylogger-more-37850"
	],
	"threat_actors": [],
	"ts_created_at": 1775434636,
	"ts_updated_at": 1775791331,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5006b7723df4a0b9949190a39ec32ac54a04696c.pdf",
		"text": "https://archive.orkl.eu/5006b7723df4a0b9949190a39ec32ac54a04696c.txt",
		"img": "https://archive.orkl.eu/5006b7723df4a0b9949190a39ec32ac54a04696c.jpg"
	}
}