Zeus Sphinx banking Trojan masquerades as relief payment

April 3, 2020
4
min read

The Carrier

The Malware

  • The malicious code hijacks Windows processes to fetch a malware downloader (kofet.dll).
  • The downloader then fetches the final payload from C2C. After the system is fully compromised, the malware establishes persistence by modifying Windows registry, and injecting malicious data to %APPDATA% and other folders.
Tags:
No items found.