Zeus Sphinx banking Trojan masquerades as relief payment

Summary

Yet another attempt to cash in on the fears of Coronavirus, with COVID-themed phishing. Zeus Sphynx targets banks, delivers malicious email attachments.

The Carrier

The Malware

  • The malicious code hijacks Windows processes to fetch a malware downloader (kofet.dll).
  • The downloader then fetches the final payload from C2C. After the system is fully compromised, the malware establishes persistence by modifying Windows registry, and injecting malicious data to %APPDATA% and other folders.

Table of Contents

Request an easy and customized demo for free