http://{BLOCKED}mmj.com/cfg.bin

TSPY_ZBOT.THX connects to this URL to download its configuration file. This is the Trend Micro detection for KINS Trojan, dubbed as the next ZeuS by media reports. Similar to ZeuS/ZBOT, it downloads configuration file and steals online banking credentials. However, it uses a different packer and has anti-debugging and anti-analysis routines.