Exam 312-50v11 topic 1 question 309 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 309
Topic #: 1

Mason, a professional hacker, targets an organization and spreads Emotet malware through a malicious script. After infecting the victim's device, Mason further used Emotet to spread the infection across local networks and beyond to compromise as many machines as possible. In this process, he used a tool, which is a self-extracting RAR file, to retrieve information related to network resources such as writable share drives.
What is the tool employed by Mason in the above scenario?

  • A. NetPass.exe
  • B. Outlook scraper
  • C. WebBrowserPassView
  • D. Credential enumerator
Suggested Answer: D

Comments

Scryptic
Highly Voted 2 years, 2 months ago
Taken from: https://us-cert.cisa.gov/ncas/alerts/TA18-201A Currently, Emotet uses five known spreader modules: NetPass.exe, WebBrowserPassView, Mail PassView, Outlook scraper, and a credential enumerator. Credential enumerator is a self-extracting RAR file containing two components: a bypass component and a service component. The bypass component is used for the enumeration of network resources and either finds writable share drives using Server Message Block (SMB) or tries to brute force user accounts, including the administrator account. Once an available system is found, Emotet writes the service component on the system, which writes Emotet onto the disk. Emotet’s access to SMB can result in the infection of entire domains (servers and clients).
upvoted 16 times
mileke2
Highly Voted 1 year, 7 months ago
Selected Answer: D
CEH courseware page 1060. Answer is credential enumerator
upvoted 7 times
dinonino
1 year, 3 months ago
You're right
upvoted 1 times
victorfs
Most Recent 7 months, 1 week ago
Selected Answer: D
The correct option is D. Credential enumerator. The key is "self-extracting RAR"
upvoted 1 times
HadiCyA
7 months, 3 weeks ago
FIGURE 1: MALICIOUS EMAIL DISTRIBUTING EMOTET Credential enumerator is a self-extracting RAR file containing two components: a bypass component and a service component. The bypass component is used for the enumeration of network resources and either finds writable share drives using Server Message Block (SMB) or tries to brute force user accounts, including the administrator account. Once an available system is found, Emotet writes the service component on the system, which writes Emotet onto the disk. Emotet’s access to SMB can result in the infection of entire domains (servers and clients). https://www.cisa.gov/news-events/alerts/2018/07/20/emotet-malware
upvoted 1 times