Loki-Bot: Information Stealer, Keylogger, and More!
By Created by:Rob Pantazopoulos
Archived: 2026-04-05 23:39:18 UTC
Download File
Loki-Bot: Information Stealer, Keylogger, and More! (PDF, 9.00MB)Published: 28 Jun, 2017
Loki-Bot is advertised as a Password and CryptoCoin Wallet Stealer on several hacker forums (carter, 2015)
(Anonymous, 2016) (lokistov, 2015) but aside from cheap sales pitches on the black market, not much has been
published regarding the details of its characteristics and capabilities. This poses a problem to information security
analysts who require such details in order to accurately prevent and/or defend against incidents involving this
malware. The primary goal of this paper is to provide a comprehensive resource on Loki-Bot for those looking to
better understand its inner workings and to provide contextual knowledge in support of incident response efforts.
Contents of this paper will focus solely on characteristics identified during code-level analysis within a debugger.
Basic static and dynamic analysis of Loki-Bot will be left as an exercise for the reader.
Additional resources
Related courses
Slide 1 of 18
SEC275: Foundations: Computers, Technology, & Security
SEC275Cyber Defense
https://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850
Page 1 of 14

GIAC Foundational Cybersecurity Technologies (GFACT)
 38 CPEs / 38 Hours (Self-Paced)
 Labs: 90 Hands-On Labs
View course detailsRegister
Slide 2 of 18
SEC503: Network Monitoring and Threat Detection In-Depth
SEC503Cyber Defense
 GIAC Certified Intrusion Analyst (GCIA)
 6 Days (Instructor-Led)
 46 CPEs / 46 Hours (Self-Paced)
 Labs: 37 Hands-On Labs
View course detailsRegister
Slide 3 of 18
SEC501: Advanced Security Essentials - Enterprise Defender
SEC501Cyber Defense
https://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850
Page 2 of 14

GIAC Certified Enterprise Defender (GCED)
 6 Days (Instructor-Led)
 38 CPEs / 38 Hours (Self-Paced)
 Labs: 25 Hands-On Labs
View course detailsRegister
Slide 4 of 18
SEC573: AI-Powered Security Automation: Building Tools with Python, LLMs, and MCP
SEC573Cyber Defense, Artificial Intelligence
https://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850
Page 3 of 14

GIAC Python Coder (GPYC)
 6 Days (Instructor-Led)
 36 CPEs / 36 Hours (Self-Paced)
 Labs: 128 Hands-On Labs
View course detailsRegister
Slide 5 of 18
SEC497: Practical Open-Source Intelligence (OSINT)
SEC497Cyber Defense
 GIAC Open Source Intelligence (GOSI)
 6 Days (Instructor-Led)
 36 CPEs / 36 Hours (Self-Paced)
 Labs: 29 Hands-On Labs
View course detailsRegister
Slide 6 of 18
SEC450: SOC Analyst Training – Applied Skills for Cyber Defense Operations
https://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850
Page 4 of 14

SEC450Cyber Defense
 GIAC Security Operations Certified (GSOC)
 6 Days (Instructor-Led)
 36 CPEs / 36 Hours (Self-Paced)
 Labs: 22 Hands-On Labs
View course detailsRegister
Slide 7 of 18
SEC401J: Security Essentials - Network, Endpoint, and Cloud (Japanese)
SEC401JCyber Defense
https://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850
Page 5 of 14

GIAC Security Essentials (GSEC)
 6 Days (Instructor-Led)
 46 CPEs / 46 Hours
 Labs: 20 Hands-On Labs
View course detailsRegister
Slide 8 of 18
SEC587: Advanced Open-Source Intelligence (OSINT) Gathering and Analysis
SEC587Cyber Defense
https://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850
Page 6 of 14

GIAC Strategic OSINT Analyst (GSOA)
 6 Days (Instructor-Led)
 36 CPEs / 36 Hours (Self-Paced)
 Labs: 28 Hands-On Labs
View course detailsRegister
Slide 9 of 18
SEC411: AI Security Principles and Practices: GenAI and LLM Defense
SEC411Cyber Defense, Artificial Intelligence
https://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850
Page 7 of 14

18 CPEs / 18 Hours (Self-Paced)
 Labs: 5 Hands-On Labs
View course detailsRegister
Slide 10 of 18
SEC511: Cybersecurity Engineering: Advanced Threat Detection and Monitoring
SEC511Cyber Defense
 GIAC Continuous Monitoring Certification (GMON)
 6 Days (Instructor-Led)
 46 CPEs / 46 Hours (Self-Paced)
 Labs: 18 Hands-On Labs
View course detailsRegister
Slide 11 of 18
SEC555: Detection Engineering and SIEM Analytics
SEC555Cyber Defense
https://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850
Page 8 of 14

GIAC Certified Detection Analyst (GCDA)
 5 Days (Instructor-Led)
 30 CPEs / 30 Hours (Self-Paced)
 Labs: 18 Hands-On Labs
View course detailsRegister
Slide 12 of 18
SEC495: Leveraging LLMs: Building & Securing RAG, Contextual RAG, and Agentic
RAG
SEC495Cyber Defense, Artificial Intelligence
https://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850
Page 9 of 14

7 CPEs / 7 Hours (Self-Paced)
View course detailsRegister
Slide 13 of 18
SEC401: Security Essentials - Network, Endpoint, and Cloud
SEC401Cyber Defense
 GIAC Security Essentials (GSEC)
 6 Days (Instructor-Led)
 46 CPEs / 46 Hours (Self-Paced)
 Labs: 20 Hands-On Labs
View course detailsRegister
Slide 14 of 18
SEC673: Advanced Information Security Automation with Python
SEC673Cyber Defense
https://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850
Page 10 of 14

6 Days (Instructor-Led)
 36 CPEs / 36 Hours (Self-Paced)
 Labs: 27 Hands-On Labs
View course detailsRegister
Slide 15 of 18
SEC301: Introduction to Cyber Security
SEC301Cyber Defense
https://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850
Page 11 of 14

GIAC Information Security Fundamentals (GISF)
 5 Days (Instructor-Led)
 30 CPEs / 30 Hours (Self-Paced)
 Labs: 14 Hands-On Labs
View course detailsRegister
Slide 16 of 18
SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for
the Hybrid Enterprise
SEC530Cyber Defense
 GIAC Defensible Security Architecture (GDSA)
 6 Days (Instructor-Led)
 36 CPEs / 36 Hours (Self-Paced)
 Labs: 24 Hands-On Labs
View course detailsRegister
Slide 17 of 18
SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense, Artificial Intelligence
https://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850
Page 12 of 14

GIAC Machine Learning Engineer (GMLE)
 6 Days (Instructor-Led)
 36 CPEs / 36 Hours (Self-Paced)
 Labs: 30 Hands-On Labs
View course detailsRegister
Slide 18 of 18
SEC529: Quantum Security Readiness for Executives
SEC529Cyber Defense
https://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850
Page 13 of 14

1 Day (Instructor-Led)
 6 CPEs / 6 Hours
 Labs: 3 Hands-On Labs
View course detailsRegister
Source: https://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850
https://www.sans.org/reading-room/whitepapers/malicious/loki-bot-information-stealer-keylogger-more-37850
Page 14 of 14