Lokibot Malware Analysis Report

is an info stealer malware that has the ability to steal credential information from various programs installed on infected PCs such as web browsers, mail clients, and FTP clients. It is a malicious code that has been steadily spreading since many years ago, but it is still distributed steadily to this day. Lokibot is mostly distributed through emails, and these days it is mainly distributed in the form of a .NET program to bypass diagnosis.


malware is mainly distributed as a email such as a quote request, is produced as a .NET packer, operates by injecting payload into a child process, and is stored in various types of collection target programs. Its primary purpose is to steal information.

Since it targets businesses rather than individuals, it is necessary to be careful as it may cause further damage if the credential information of the PC used for business is leaked.

Therefore, in order to prevent malware infection, you should refrain from clicking on attachments or URLs in e-mails from unknown sources, and make it a habit to update vaccines and regularly scan them.