312-50V13 Question #422: Real Exam Question with Answer & Explanation

Question

Mason, a professional hacker, targets an organization and spreads Emotet malware through malicious script. After infecting the victim's device. Mason further used Emotet to spread the infection across local networks and beyond to compromise as many machines as possible. In this process, he used a tool, which is a self-extracting RAR file, to retrieve information related to network resources such as writable share drives. What is the tool employed by Mason in the above scenario?

Options

• ANetPass.exe
• BOutlook scraper
• CWebBrowserPassView
• DCredential enumerator

Explanation

Explanation

Option D (Credential enumerator) is correct because Emotet malware uses a built-in credential enumerator tool - delivered as a self-extracting RAR file - specifically designed to scan and retrieve information about network resources, including writable share drives, enabling lateral movement across local networks and beyond.

Why the distractors are wrong:

• Option A (NetPass.exe) is a network password recovery tool used to retrieve passwords stored on a system, not to enumerate network share resources.
• Option B (Outlook scraper) is an Emotet module, but its purpose is to harvest email addresses and contacts from Microsoft Outlook - unrelated to network share enumeration.
• Option C (WebBrowserPassView) is a password recovery tool that extracts credentials saved in web browsers, not a network resource discovery tool.

Memory Tip: Think "Credential Enumerator = Network Explorer" - despite its name focusing on credentials, this Emotet tool enumerates network resources (writable shares) packaged as a self-extracting RAR, which is its defining characteristic in exam scenarios. If the question mentions self-extracting RAR + network shares + lateral movement, always think Credential Enumerator.

No community discussion yet for this question.