312-50V9 · Question #342
Matthew received an email with an attachment named "YouWon$10Grand.zip." The zip file contains a file named "HowToClaimYourPrize.docx.exe." Out of excitement and curiosity, Matthew opened the said fil
The correct answer is B. Trojan. The malware disguises itself as a legitimate prize-claim file to trick the user, then silently establishes persistence and communicates with a C2 server - the defining behavior of a Trojan horse.
Question
Matthew received an email with an attachment named "YouWon$10Grand.zip." The zip file contains a file named "HowToClaimYourPrize.docx.exe." Out of excitement and curiosity, Matthew opened the said file. Without his knowledge, the file copies itself to Matthew's APPDATA\IocaI directory and begins to beacon to a Command-and-control server to download additional malicious binaries. What type of malware has Matthew encountered?
Options
- AKey-logger
- BTrojan
- CWorm
- DMacro Virus
How the community answered
(45 responses)- A4% (2)
- B91% (41)
- C2% (1)
- D2% (1)
Why each option
The malware disguises itself as a legitimate prize-claim file to trick the user, then silently establishes persistence and communicates with a C2 server - the defining behavior of a Trojan horse.
A keylogger's primary function is to record and exfiltrate keystrokes; it does not involve disguised delivery via zip files or C2 beaconing for additional binaries.
A Trojan horse is malware that masquerades as a legitimate or benign file to deceive users into executing it; in this case, 'HowToClaimYourPrize.docx.exe' uses a double extension to appear as a Word document. Once executed, it copies itself to a persistence location (APPDATA\IocaI) and beacons to a Command-and-Control server to download additional payloads. This combination of deception, persistence, and C2 communication is the canonical behavior of a Trojan.
A worm self-replicates and spreads autonomously across networks without requiring user interaction for propagation, which is not described here.
A macro virus infects documents via embedded macros that execute when the document is opened in an application like Microsoft Word, which is a different mechanism than a disguised executable.
Concept tested: Trojan horse malware identification and behavior
Source: https://csrc.nist.gov/glossary/term/trojan_horse
Topics
Community Discussion
No community discussion yet for this question.