312-50V10 · Question #476
Matthew received an email with an attachment named "YouWon$10Grand.zip." The zip file contains a file named "HowToClaimYourPrize.docx.exe." Out of excitement and curiosity, Matthew opened the said fil
The correct answer is B. Trojan. The malware Matthew encountered is a Trojan - it disguises itself as a desirable file to deceive the user into executing it, then performs malicious actions including establishing persistence and communicating with a C2 server.
Question
Matthew received an email with an attachment named "YouWon$10Grand.zip." The zip file contains a file named "HowToClaimYourPrize.docx.exe." Out of excitement and curiosity, Matthew opened the said file. Without his knowledge, the file copies itself to Matthew's APPDATA\IocaI directory and begins to beacon to a Command-and-control server to download additional malicious binaries. What type of malware has Matthew encountered?
Options
- AKey-logger
- BTrojan
- CWorm
- DMacro Virus
How the community answered
(47 responses)- A2% (1)
- B89% (42)
- C2% (1)
- D6% (3)
Why each option
The malware Matthew encountered is a Trojan - it disguises itself as a desirable file to deceive the user into executing it, then performs malicious actions including establishing persistence and communicating with a C2 server.
A keylogger is specifically designed to record and exfiltrate keystrokes; the described malware's primary behaviors are deception, persistence, and C2 beaconing - none of which indicate keystroke capture.
A Trojan horse is malware that masquerades as a legitimate or appealing file to trick users into running it - here the executable is disguised with a .docx double extension inside a tempting zip file. Once executed, it copies itself to a persistence location (APPDATA\IocaI) and beacons to a command-and-control server to download further payloads, which are hallmark behaviors of a Trojan dropper or downloader subtype.
A worm self-replicates and propagates autonomously across networks without requiring user interaction or disguising itself as another file type.
A macro virus embeds malicious VBA code inside document files (such as Word or Excel) and executes within the host Office application, whereas this malware is a standalone executable disguised as a document.
Concept tested: Trojan malware identification via disguise and C2 behavior
Source: https://www.cisa.gov/news-events/news/understanding-malicious-code
Topics
Community Discussion
No community discussion yet for this question.