nerdexam
EC-Council

312-50V11 · Question #982

Mason, a professional hacker, targets an organization and spreads Emotet malware through malicious script. After infecting the victim's device. Mason further used Emotet to spread the infection across

The correct answer is D. Credential enumerator. Emotet's credential enumerator component is a self-extracting RAR executable that scans and retrieves network resource information such as writable share drives to facilitate lateral movement.

Malware Threats

Question

Mason, a professional hacker, targets an organization and spreads Emotet malware through malicious script. After infecting the victim's device. Mason further used Emotet to spread the infection across local networks and beyond to compromise as many machines as possible. In this process, he used a tool, which is a self-extracting RAR file, to retrieve information related to network resources such as writable share drives. What is the tool employed by Mason in the above scenario?

Options

  • ANetPass.exe
  • BOutlook scraper
  • CWebBrowserPassView
  • DCredential enumerator

How the community answered

(28 responses)
  • A
    4% (1)
  • B
    18% (5)
  • C
    7% (2)
  • D
    71% (20)

Why each option

Emotet's credential enumerator component is a self-extracting RAR executable that scans and retrieves network resource information such as writable share drives to facilitate lateral movement.

ANetPass.exe

NetPass.exe is a legitimate Nirsoft password recovery utility that recovers network credentials stored on a local machine, not a tool for enumerating shared network drives.

BOutlook scraper

Outlook scraper is a separate Emotet module that harvests email contacts and message content from Microsoft Outlook to facilitate spam campaigns, not to identify network shares.

CWebBrowserPassView

WebBrowserPassView is a Nirsoft utility used to recover passwords saved in web browsers and is sometimes abused for credential theft, but it does not enumerate network resources or writable shares.

DCredential enumeratorCorrect

The Emotet malware includes a module referred to as the 'credential enumerator,' packaged as a self-extracting RAR file, that specifically discovers and enumerates network resources including writable shared drives. This information is used to facilitate lateral movement across local networks, allowing Emotet to propagate from machine to machine. This component is distinct from Emotet's password-stealing modules and is focused on network reconnaissance to maximize the spread of infection.

Concept tested: Emotet malware lateral movement and credential enumeration

Source: https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-280a

Topics

#Emotet malware#credential enumerator#network shares#botnet propagation

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice