SentinelOne vs Zeus Sphinx banking trojan (COVID-19 SPAM)
Late in March, we observed that the Sphinx banking trojan, which is largely based on the leaked Zeus source code, had begun to spread aggressively via email using COVID-themed messages. In some cases, victims were enticed to complete a form related to receiving government assistance during the outbreak. The malicious document then drops and executes a VBS script, which establishes C2 communication channels and downloads additional executable payloads. Beyond the COVID-themed lures, the functionality is largely unchanged with regard to data interception via web injects. Zeus Sphinx attempts to establish persistence via the registry (HKLM\Software\Microsoft\Windows\CurrentVersion\Run). The malware has also been known to self-sign its binaries in an attempt to further evade traditional endpoint security controls. Watch how SentinelOne blocks this threat.
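As an added example (not SentinelOne's code and not part of the original description), the following Python flags Run-key persistence writes of the kind described above when run over Sysmon-style registry events; the field names follow Sysmon Event ID 13 (RegistryEvent, value set) and the sample records, paths and value names are constructed for illustration.

```python
"""Detect suspicious HKLM/HKCU Run-key persistence from Sysmon-style registry events.

Constructed example: the events below are invented, not captured from a real host.
"""
import re

# Constructed Sysmon Event ID 13 records reduced to the fields the detection needs.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\System32\wscript.exe",          # script host writing Run key
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svcupd",
     "Details": r"C:\Users\alice\AppData\Roaming\svcupd\svcupd.exe"},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",        # ordinary installer
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
     "Details": r"C:\Program Files\Vendor\agent.exe"},
    {"EventID": 12, "Image": r"C:\Windows\explorer.exe",                  # unrelated key event
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs"},
]

# Run and RunOnce keys under HKLM/HKCU, including the WOW6432Node variant.
RUN_KEY = re.compile(
    r"^HK(LM|CU)\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\",
    re.IGNORECASE,
)
# Processes that rarely have a legitimate reason to add Run values (a VBS dropper runs under wscript/cscript).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
# Autostart targets inside user-writable locations are a common persistence tell.
USER_WRITABLE = re.compile(r"\\(Users|ProgramData|Temp)\\", re.IGNORECASE)


def score_event(event):
    """Return the list of reasons a single event looks like suspicious Run-key persistence."""
    reasons = []
    if event.get("EventID") != 13 or not RUN_KEY.match(event.get("TargetObject", "")):
        return reasons  # not a Run-key value write
    writer = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    if writer in SCRIPT_HOSTS:
        reasons.append(f"Run value written by script host {writer}")
    if USER_WRITABLE.search(event.get("Details", "")):
        reasons.append("Run value points into a user-writable directory")
    return reasons


def detect_run_key_persistence(events):
    """Return [{'key': ..., 'writer': ..., 'reasons': [...]}] for events with at least one reason."""
    hits = []
    for event in events:
        reasons = score_event(event)
        if reasons:
            hits.append({"key": event["TargetObject"], "writer": event.get("Image", ""), "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in detect_run_key_persistence(SAMPLE_EVENTS):
        print(hit["key"], "<-", hit["writer"], "|", "; ".join(hit["reasons"]))
```

The vendor installer's Run value is deliberately not flagged, since writing a Run key is not suspicious on its own; the writer process and the target path are what separate the dropper from routine software.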