nerdexam
EC-Council

312-50V11 · Question #1016

Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject fileless malware into Incalsol's systems. To deliver the malware, he used the current employees' email IDs to send fraudulent emails

The correct answer is B. Phishing. Jack uses phishing to deliver fileless malware by sending fraudulent emails with malicious links that redirect victims to an exploit-loaded website. The delivery vector is phishing, even though the payload executes in-memory.

Malware Threats

Question

Jack, a disgruntled ex-employee of Incalsol Ltd., decided to inject fileless malware into Incalsol's systems. To deliver the malware, he used the current employees' email IDs to send fraudulent emails embedded with malicious links that seem to be legitimate. When a victim employee clicks on the link, they are directed to a fraudulent website that automatically loads Flash and triggers the exploit. What is the technique used byjack to launch the fileless malware on the target systems?

Options

  • AIn-memory exploits
  • BPhishing
  • CLegitimate applications
  • DScript-based injection

How the community answered

(24 responses)
  • A
    8% (2)
  • B
    75% (18)
  • C
    13% (3)
  • D
    4% (1)

Why each option

Jack uses phishing to deliver fileless malware by sending fraudulent emails with malicious links that redirect victims to an exploit-loaded website. The delivery vector is phishing, even though the payload executes in-memory.

AIn-memory exploits

In-memory exploits describe how the fileless malware executes after delivery, not the technique used to launch the attack on target systems.

BPhishingCorrect

Phishing is the technique of sending deceptive emails that appear legitimate to trick recipients into clicking malicious links. Jack crafted fraudulent emails impersonating trusted senders and embedded a link redirecting victims to a site that auto-loaded Flash to trigger the in-memory exploit. The social engineering delivery mechanism - not the payload behavior - defines this as phishing.

CLegitimate applications

Legitimate applications refers to a fileless malware technique that hijacks trusted binaries like PowerShell or WMI to execute code, which is not what Jack used for delivery.

DScript-based injection

Script-based injection refers to executing malicious scripts (e.g., via PowerShell or JavaScript) as the execution mechanism, not the social engineering delivery method used here.

Concept tested: Phishing as a fileless malware delivery vector

Source: https://attack.mitre.org/techniques/T1566/

Topics

#fileless malware#phishing delivery#Flash exploit#in-memory execution

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice