nerdexam
EC-Council

312-50V10 · Question #476

Matthew received an email with an attachment named "YouWon$10Grand.zip." The zip file contains a file named "HowToClaimYourPrize.docx.exe." Out of excitement and curiosity, Matthew opened the said fil

The correct answer is B. Trojan. The malware Matthew encountered is a Trojan - it disguises itself as a desirable file to deceive the user into executing it, then performs malicious actions including establishing persistence and communicating with a C2 server.

Malware Threats

Question

Matthew received an email with an attachment named "YouWon$10Grand.zip." The zip file contains a file named "HowToClaimYourPrize.docx.exe." Out of excitement and curiosity, Matthew opened the said file. Without his knowledge, the file copies itself to Matthew's APPDATA\IocaI directory and begins to beacon to a Command-and-control server to download additional malicious binaries. What type of malware has Matthew encountered?

Options

  • AKey-logger
  • BTrojan
  • CWorm
  • DMacro Virus

How the community answered

(47 responses)
  • A
    2% (1)
  • B
    89% (42)
  • C
    2% (1)
  • D
    6% (3)

Why each option

The malware Matthew encountered is a Trojan - it disguises itself as a desirable file to deceive the user into executing it, then performs malicious actions including establishing persistence and communicating with a C2 server.

AKey-logger

A keylogger is specifically designed to record and exfiltrate keystrokes; the described malware's primary behaviors are deception, persistence, and C2 beaconing - none of which indicate keystroke capture.

BTrojanCorrect

A Trojan horse is malware that masquerades as a legitimate or appealing file to trick users into running it - here the executable is disguised with a .docx double extension inside a tempting zip file. Once executed, it copies itself to a persistence location (APPDATA\IocaI) and beacons to a command-and-control server to download further payloads, which are hallmark behaviors of a Trojan dropper or downloader subtype.

CWorm

A worm self-replicates and propagates autonomously across networks without requiring user interaction or disguising itself as another file type.

DMacro Virus

A macro virus embeds malicious VBA code inside document files (such as Word or Excel) and executes within the host Office application, whereas this malware is a standalone executable disguised as a document.

Concept tested: Trojan malware identification via disguise and C2 behavior

Source: https://www.cisa.gov/news-events/news/understanding-malicious-code

Topics

#Trojan#C2 communication#malware classification#dropper

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice