The domain tdork[.]zip is currently registered via NJalla (privacy protection). The malware author is actively monitoring public sandboxes — avoid uploading live samples to public services like VirusTotal without stripping sensitive URLs.
Several theories have emerged regarding the file's contents: tdork.zip