Loki-Bot: Information Stealer, Keylogger, & More!
By Rob Pantazopoulos
Loki-Bot is advertised as a Password and CryptoCoin Wallet Stealer on several hacker forums (carter, 2015) (Anonymous, 2016) (lokistov, 2015), but aside from cheap sales pitches on the black market, not much has been published regarding the details of its characteristics and capabilities. This poses a problem for information security analysts, who require such details in order to accurately prevent and/or defend against incidents involving this malware. The primary goal of this paper is to provide a comprehensive resource on Loki-Bot for those looking to better understand its inner workings and to provide contextual knowledge in support of incident response efforts. The contents of this paper will focus solely on characteristics identified during code-level analysis within a debugger. Basic static and dynamic analysis of Loki-Bot will be left as an exercise for the reader.